0

Here's the question, I need to connect to a remote MySQL database from my C# Application, problem is the MySQL instance will block all access to all IP's apart from localhost, this can not be changed as its too much of a security issue.

The question is, is it possible to connect via a tunnel instead to a php script hosted on the server, this would then act as the mysql connection.

Any ideas and suggestions?

Neo
  • 2,305
  • 4
  • 36
  • 70
  • So you'd have the PHP script push sql commands to the local mysql server? Sounds like a hack that will create a gaping security hole. Can't you just open up mysql to a specific set of IP's? – Lee Davis Apr 11 '12 at 11:31
  • @LeeDavis The issue is the people using the software will be out on site at different clients each day, this would cause more of a security issue than securing a php script – Neo Apr 11 '12 at 11:50

3 Answers3

2

SQLYog (a mysql management GUI utility) already has this php tunnel script with its own custom API, so if you consider writing it yourself, would be nice to have cross-support. See Is there any good universal PHP MySQL HTTP tunnel?

Community
  • 1
  • 1
Artjom Kurapov
  • 6,115
  • 4
  • 32
  • 42
  • hmmm if I'm reading that right they pass xml to the php script to run the commands and return xml. While that would work I could create my own API system instead, the idea is to open up mysql to raw commands without hooking into port 3306. – Neo Apr 11 '12 at 13:13
  • Well since mysql uses TCP (or sockets or pipes) as its protocol, while php is called through a HTTP web server.. you would need to run php as a daemon and thus still require some port to maintain TCP. Which is pointless.. Same questions were closed previously too.. http://stackoverflow.com/questions/5539793/tunnelling-tcp-over-http – Artjom Kurapov Apr 11 '12 at 13:29
0

yes, just create a simple PHP script that will give you the desired output and use http request from the c# application to that php script to get the data - basically, you'll be building a very simple REST API (with authentication)

p.s. I don't see how that would be more secure than SSH tunnelling

scibuff
  • 13,377
  • 2
  • 27
  • 30
0

I ended up with going for an SSH port tunnel and achieving what I needed to do that way.

Neo
  • 2,305
  • 4
  • 36
  • 70