2

I am writing a piece of software in Java that needs to connect to an online database in order to collect some information! I want to sell this software under my company, but the problem is Oracle has licenced the JDBC driver under GPL, which, I am correct, means that I can not redistrubute the driver in any way, amongst other limitations!

The only alternative I can see is to use PostgreSQL, as the driver is licenced under BSD as far as I am aware, which means that you can basically do what every you like with it. But I have spoken with my web host, JustHost and they have basically said that they do not support PostgreSQL and have no plans to, so if I wanted to host a PostgreSQL database with them I would have to pay for a dedicated server, rather rudely may I add. They was quite honest though, and they did say it would be cheaper to transfer to another web hosting company who support PostgreSQL!

As a last resort, I could just use a simple text file to transfer the information. But my only worry here is security. Some of the information stored in the database is confidential, well, actually, the data that is most confidential it will be licence keys, and maybe emails. This is obviously for when I validate the users licence key upon first use. Maybe it's not so insecure though, I just thought it would be very easy for people to edit the file to suit there needs, etc.

I did think that some kind of php script to provide requested information from a text file that the Java would communicate with may be more secure, but again, I'm not a security expert so I don't know, especially seeing as though I am using a shared host and am not paying for 'https'!

So basically, I would like to know what you would do given my situation please. Have you experienced this dilema before? If so, what do you do? What would you recomend? etc.

JasonMArcher
  • 14,195
  • 22
  • 56
  • 52
Andy
  • 3,600
  • 12
  • 53
  • 84
  • you may get quick and better answer from [http://programmers.stackexchange.com](http://programmers.stackexchange.com/faq). – Asad Rasheed Jul 27 '11 at 13:28
  • @Andy - read this thread, particularly the post by Bill Karwin: http://stackoverflow.com/questions/2111047/does-the-gpl-state-that-dependencies-of-gpld-software-also-have-to-be-released-u – Perception Jul 27 '11 at 13:40
  • @Asad Thanks - I keep forgetting about the different 'branches' of stackexchange, I will remember it for next time! – Andy Jul 27 '11 at 14:14
  • @Perception I have taken Bill's post into account now! – Andy Jul 27 '11 at 14:15

4 Answers4

6

You can use the MariaDB JDBC driver to talk to a MySQL server. It is LGPL instead of GPL.

Andre Silva
  • 4,782
  • 9
  • 52
  • 65
user2448658
  • 61
  • 1
  • 2
  • Thanks for your answer, that would have been my accepted answer I think but I think the solution I've accepted is far better. Thank you anyway – Andy Aug 27 '13 at 20:36
  • Thanks! MariaDB client (JDBC) is working for me. Oddly, `DatabseMetaData#getColumns("", "", tableName, "")` returns no column names, but that's easily recoded using a normal query and `SHOW COLUMNS`. No other source code changes were needed, for my simple application. – Jeff Learman May 06 '15 at 16:29
  • MariaDB jdbc is GPLv2. Do not use this in your software if you wish to keep it private/retain rights. – JMess Jul 15 '18 at 02:09
3

You can sell your software, and simply list the database / driver as an installation requirement.

Include it in your documentation and job done.

The GPL doesn't mean that proprietary software can't talk to it. It's a prerequisite, not a part of your software.

Also see this similar question:

MySQL licensing and GPL

Update

Also note you can even charge your customer for you providing the service of installing the library. This allows it to form part of your bill, without the customer having to install it themselves.

Community
  • 1
  • 1
Michael
  • 7,348
  • 10
  • 49
  • 86
  • @Mikavei I don't really want to have to make my users install the driver themselves; I didn't really want any installation requirements, let alone some as technical as this! Apart from the fact that I have read that MySQL told someone that even giving your customers a link to download the driver counts as redistribution and is not permitted! So thanks for replying, but I think that will become a back up plan! – Andy Jul 27 '11 at 14:09
  • Read the GPL, there's a get out clause for server / private libraries. As @Perception mentions via his comment. – Michael Jul 27 '11 at 14:22
  • The "giving your customer a link" is just complete rubbish. You can even charge a reasonable amount (to cover postage etc) when supplying GPL software. http://www.gnu.org/licenses/gpl-faq.html#DoesTheGPLAllowDownloadFee – Michael Jul 27 '11 at 14:28
2

What about a small server app that provides webservices to transfer the data? Then only that server app would actually need the JDBC driver.

Edit: For web services look into JAX-WS (here's the java.net reference implementation).

Using web serices you could encrypt the data using Java's built-in encryption library, transfer the encrypted date and decrypt on the client. Additionally you might transfer some hash (MD5 for example) for the data to ensure it has not been changed.

Thomas
  • 87,414
  • 12
  • 119
  • 157
  • Thank you for your suggestion, it seems the most 'sensible' up to now, considering I don't really know the GPL licence enough, and although I don't doubt any of the members on here things like this are too risky to assume without a lawyer/solicitor at hand! Please elaborate on your suggestion though! I think I understand what you are getting at, something similar to my PHP script idea but written in Java. However, I would like some more info please because I have never done something like it before! Will I be able to do it on a shared host? AND will it be secure enough w/o 'HTTPS' etc. – Andy Jul 27 '11 at 14:09
  • Go with HTTPS if you can. Anything less is only "secure enough" till it gets hacked, then it's too late :-) – Brian Jul 27 '11 at 14:24
  • @Andy I can't tell you whether that would work on a shared host since we have our own servers, but it should as long as the host supports Java and maybe some sort of application server (which would make several things easier) - I've updated by answer to give some more hints. Regarding encryption: you could also do that in PHP since the algorithms should not be language dependent. – Thomas Jul 27 '11 at 14:32
  • @Brian Unfortunately, HTTPS is a bit expensive for me at the moment; considering my business hasn't even started up yet! Are you saying that without HTTPS, if one person hacks it, it is hacked for everyone? And, is that to the extend that the server app will validate anything, or will that only happen if the hacker shares the crack, etc? AND, when you say "then it's too late", how irreversable is the hack, and what would making it secure again involve? – Andy Jul 27 '11 at 14:38
  • @Thomas Please could you look at [this help link from JustHost](http://help.justhost.com/questions/191/Do+you+support+Java%3F) regarding Java. They say their shared host supports 'Java Script' but they only say their dedicated servers support 'Java Server Side'! Unfortunately, I think this means that I can not make such an application, am I correct? – Andy Jul 27 '11 at 14:50
  • @Andy Yes, it seems like you'd then need to do it in PHP (should still be possible though). Btw, JavaScript and Java are entirely different languages. – Thomas Jul 27 '11 at 15:49
  • @Thomas Sorry for the slow reply. I thought PHP would be the case, but I think I have heard of an authetication server using PHP, that will work in conjunction with any language, but unfortunately, I don't have the source code at the minute ( I may have to try to persuade to the developer to provide me with the code) ! So, like you did with the Java server application, could you provide some information about doing this in PHP please? I do think it may have something to do with 'sockets' though! PS I do realise JavaScript and Java are entirely different languages! – Andy Jul 28 '11 at 18:12
  • Is the following topic the type of thing I would need: [http://www.webdeveloper.com/forum/showthread.php?t=249079](http://www.webdeveloper.com/forum/showthread.php?t=249079) ? AND, just encrypt the data that the sockets send, on the PHP server? – Andy Jul 28 '11 at 18:35
  • @Andy I'm no PHP expert but you should be able to find information on how to create and expose a webservice using PHP. From the Java client you'd then just use JAX-WS to connect to that webservice. The PHP webservice would then encrypt the data and send it as a binary stream to the client which decodes it again. – Thomas Aug 01 '11 at 07:35
  • @Thomas Thank you for all of your information, it has been very helpful, and it would have taken me a very long time to figure it out without your help! I'm glad you replied before I attempted anything though, because by the looks of it, using 'sockets' would have been quite inadaqaute and insecure! Looking back at your original post, if I were to read it properly I probably wouldn't have had to ask that last question though - it's just me being dim again :P! Webservice's here I come... (I'm assuming JAX-WS doesn't tie you down with GPL?!) – Andy Aug 02 '11 at 12:56
  • @Andy This would depend on the JDK you're requiring: Java 6 has JAX-WS bundled, thus you should have no issues with GPL/CDDL(which JAX-WS also uses). If you're only requiring Java 5 or less, you might have to distribute JAX-WS as well, or use an alternative like Apache Axis which is uses the Apache license. – Thomas Aug 02 '11 at 15:03
  • @Thomas Oh okay, thanks! I'm using the latest version of everything, and I plan to use launch4j to bundle the JRE with my software, so I should be fine then... – Andy Aug 02 '11 at 17:54
2

Not sure which bit of the GPL you think is precluding verbatim distribution? From a brief read of it I can see:

  1. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following:

    a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,

    b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,

    c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.)

http://www.gnu.org/licenses/gpl-2.0.html

Brian
  • 6,391
  • 3
  • 33
  • 49
  • Sorry, I'm a complete novice when it comes to things like this so I don't really get how this is supporting my case? To me is still says that I have to provide my source code, which is something I do not want to do! Could you explain in laymans terms what this means please? – Andy Jul 27 '11 at 14:09
  • Andy - you might be best going with Thomas's suggestion, to have your clients communicate with a server app, and only that talks to the DB directly. This is good not only because it avoids your legal worries, but it's actually a better architecture option and you can secure it better, less open to SQL injection etc. – Brian Jul 27 '11 at 14:23
  • Thanks for the reply, I think I will look further into Thomas's suggestion. It seems as though it will be more benefical all round! – Andy Jul 27 '11 at 14:38