从桌面应用程序访问 Web 上的 SQLite 数据库
[英]Access SQLite Database on web from Desktop application
问题描述
I have an SQLite Database on a webserver.
我在网络服务器上有一个 SQLite 数据库。 I would like to access the database from a typical Java Desktop Application.我想从典型的 Java 桌面应用程序访问数据库。 Presently, I'm doing this thing... Download the Database file to a local directory, perform the queries as necessary.目前,我正在做这件事...将数据库文件下载到本地目录,根据需要执行查询。
But, I'm unable to perform any update queries on this.但是,我无法对此执行任何更新查询。 How can I do this.我怎样才能做到这一点。 [ On the actual database] [关于实际数据库]
Another question is, to directly access the database from web in java (is this possible), make direct queries, updates anything etc,.另一个问题是,在java中直接从web访问数据库(这可能吗),进行直接查询,更新任何内容等。
How can I achieve this type?我怎样才能实现这种类型?
I've written code for connection of Java to SQLite and is working pretty fine, if the db file is in local directory.如果 db 文件在本地目录中,我已经编写了用于将 Java 连接到 SQLite 的代码并且工作得很好。 What changes or anything I have to do to establish a link to the file on webserver without having to download the database file.?无需下载数据库文件,我必须进行哪些更改或进行任何操作才能在网络服务器上建立指向该文件的链接。?
Thanks in advance...提前致谢...
2 个解决方案
解决方案1
4 已采纳 2012-11-20 08:31:31
CL. CL。 is right saying that if you need to access from desktop applications to a web database, SQLite is not an appropriate choice.正确地说,如果您需要从桌面应用程序访问 Web 数据库,SQLite 不是一个合适的选择。
Using SQLite is fine in small web sites, applications where your data have to be accessed from and only from the web site itself;在小型网站中使用 SQLite 很好,应用程序必须从网站本身访问您的数据; but if you need to access your data from - say - your desktop, without downloading the data file, you can't achieve that with SQLite and HTTP.但是,如果您需要从桌面访问数据,而无需下载数据文件,则使用 SQLite 和 HTTP 无法实现。
An appropriate choice for your web application would be MySQL or other client/server database, so that you could be able to connect to the database service from any place other than your web application, provided server access rules set permit that (eg firewalls, granted authentication, etc.).适当的Web应用程序选择是MySQL或其他客户端/服务器数据库,以便您可以从Web应用程序以外的任何位置连接到数据库服务,提供服务器访问规则集允许(例如防火墙,授予身份验证等)。
In your usage scenario, you would be facing several orders of problems.在您的使用场景中,您将面临几个问题。
1) Security 1) 安全性
You would be forced to violate the safety principle saying that database files must be protected from direct web exposure;您将被迫违反安全原则,即必须保护数据库文件免受直接网络暴露; in fact, to access your web SQLite database file from your desktop you would be forced to expose it directly, and this is wrong, as anyone would be able to download it and access your data, which by definition must be accessible just by you.事实上,要从桌面访问您的 Web SQLite 数据库文件,您将被迫直接公开它,这是错误的,因为任何人都可以下载它并访问您的数据,根据定义,这些数据必须只能由您访问。
2) Updatability without downloading 2)无需下载即可更新
Using HTTP to gain access to the database file can only lead to the requested resource download, because HTTP is a stateless protocol , so when you request GET or even POST access to the database, the web server would provide it to you in one solution, full stop.使用HTTP访问数据库文件只能导致请求的资源下载,因为HTTP是一种无状态协议,所以当你请求GET甚至POST访问数据库时,Web服务器会提供给你一个解决方案,句号。 In extreme synthesis, no chance to directly write back changes to the database file.在极端综合中,没有机会直接将更改写回数据库文件。
3) Updatability with downloading 3) 下载的可更新性
You could download your file with a HTTP GET request, read data, make changes and the rest, but what if your online database changes in the meanwhile?您可以使用 HTTP GET 请求下载文件、读取数据、进行更改等等,但是如果您的在线数据库同时发生更改怎么办? Data consistency would be easily compromised.数据一致性很容易受到损害。
There could be a way可能有办法
If you give up using HTTP for your desktop application access to the database, then you could pick FTP (provided you have access credentials to the resource).如果您放弃使用 HTTP 为桌面应用程序访问数据库,那么您可以选择 FTP(前提是您拥有资源的访问凭据)。 FTP lets you read data from and write data to files, so - on Linux - you could use FUSE to mount a remote FTP sharing and access it just like if it was connected to your local file system ( see this article , for example). FTP 允许您从文件中读取数据和将数据写入文件,因此 - 在 Linux 上 - 您可以使用 FUSE 挂载远程 FTP 共享并访问它,就像它连接到本地文件系统一样(例如, 请参阅本文)。
In synthesis, you:在综合中,您:
- Create a mount point (ie a local directory) for FTP sharing创建挂载点(即本地目录)用于FTP共享
- Use
curlftpfsto link the remote FTP resource to your mount point使用curlftpfs将远程 FTP 资源链接到您的挂载点 - Access to this directory from your application as if it was a conventional directory从您的应用程序访问此目录,就像它是一个常规目录
This way you could preserve security, keeping the database file from being exposed on the web, and you would be able to access it from your desktop application.通过这种方式,您可以保持安全性,防止数据库文件暴露在网络上,并且您可以从桌面应用程序访问它。
That said, please consider that concurrent access by several processes (desktop app + webserver instance) to a single database file could lead to problems (see this SO post to have an idea).也就是说,请考虑多个进程(桌面应用程序 + 网络服务器实例)对单个数据库文件的并发访问可能会导致问题(请参阅此 SO 帖子以了解想法)。 Keep that in mind before architecting your solution.在构建解决方案之前请记住这一点。
Finally, in your usage scenario my suggestion is to program some server-side web service or REST interface that, under authentication, let you interact with the database file performing the key operations you need.最后,在您的使用场景中,我的建议是编写一些服务器端 Web 服务或 REST 接口,在身份验证下,让您与执行所需关键操作的数据库文件进行交互。
It is safe, reliable and "plastic" enough to let you do whatever you want.它安全、可靠且“可塑”,足以让您为所欲为。
EDIT:编辑:
MySQL is widely used for web sites or web applications, as it is fast, quite scalable and reasonably reliable. MySQL 被广泛用于网站或 Web 应用程序,因为它速度快、可扩展性强且相当可靠。 Activating MySQL server is a little bit OT on StackOverflow and quite long-winded to report, but in that case you could google around to find plenty of articles discussing such topic for your operating system of choice.在 StackOverflow 上激活 MySQL 服务器有点过时,而且要报告很长,但在这种情况下,您可以在谷歌周围找到大量讨论此类主题的文章,供您选择的操作系统使用。
Then use MySQL JDBC driver to access the database from your Java desktop application.然后使用 MySQL JDBC 驱动程序从 Java 桌面应用程序访问数据库。
If your idea is to stick with SQLite, though, you could basically prepare four web endpoints:但是,如果您的想法是坚持使用 SQLite,您基本上可以准备四个 Web 端点:
- http://yourwebsite.com/select http://yourwebsite.com/select
- http://yourwebsite.com/insert http://yourwebsite.com/insert
- http://yourwebsite.com/update http://yourwebsite.com/update
- http://yourwebsite.com/delete http://yourwebsite.com/delete
(Notice I specified "http", but you could consider moving to SSL encrypted http connection, aka "https", find details here and here . I don't know which webserver are you running, but still googling a little bit should point you to a good resource to properly configure https.) (注意我指定了“http”,但你可以考虑转移到 SSL 加密的 http 连接,又名“https”,在这里和这里找到详细信息。我不知道你在运行哪个网络服务器,但仍然可以通过谷歌搜索来指出你到一个很好的资源来正确配置 https。)
Obviously you could add any endpoint you like for any kind of operation, even a more generic execute , but play my game just for a while.显然,您可以为任何类型的操作添加任何您喜欢的端点,甚至是更通用的execute ,但只是玩一会儿我的游戏。
Requests towards those endpoints are POST, and every endpoint receives proper parameters such as:对这些端点的请求是 POST,每个端点都会收到适当的参数,例如:
- table name表名
- fields领域
- where clause where子句
... and the like, but most important is security, so you have to remember 2 things: ...等等,但最重要的是安全,所以你必须记住两件事:
1. Sign every request. 1. 签署每个请求。 You could achieve this defining a secret operation key (a string which is known to your client and you server but never travels in clear text), and using it in a hashing function to produce a digest which is sent together with other parameters as an incontrovertible proof for the server that that request it's receiving comes from a genuine source.您可以定义一个秘密操作密钥(您的客户端和您的服务器已知的字符串,但从不以明文形式传输),并在散列函数中使用它来生成一个摘要,该摘要与其他参数一起发送作为无可争议的服务器证明它收到的请求来自真实来源。 This avoids you to send username and password in every request, which would introduce the problem of password encryption if you don't use https, and involves that the server has to be able to reconstruct the same signature for the same request using the same algorithm.这避免了您在每个请求中都发送用户名和密码,如果您不使用 https,这会引入密码加密的问题,并且涉及服务器必须能够使用相同的算法为相同的请求重建相同的签名. (I flew over this thing at 400Mph, but the topic is too large to be correctly treated here. Anyways I hope this could point you in the right direction.) (我以每小时 400 英里的速度飞过这个东西,但是这个话题太大了,无法在这里正确处理。无论如何,我希望这可以为您指明正确的方向。)
2. Properly escape request parameters. 2. 正确转义请求参数。 "Sanitize" parameters someone calls it, and I think the metaphor is correct.有人称之为“消毒”参数,我认为这个比喻是正确的。 Generally speaking this process involves some filtering operations performed by the server's endpoint, but it basically could be written as "use prepared statements for your queries".一般来说,这个过程涉及一些由服务器端点执行的过滤操作,但它基本上可以写成“使用准备好的语句进行查询”。 If you don't it could be likely that some malicious attacker injects SQL code in requests to exploit your server in some manner.如果您不这样做,则某些恶意攻击者可能会在请求中注入 SQL 代码,以某种方式利用您的服务器。
解决方案2
2 2012-11-20 07:39:29
SQLite is an embedded database and assumes that the database file is directly accessible. SQLite 是一个嵌入式数据库,并假设可以直接访问数据库文件。 Your application is not an appropriate use of SQLite .您的应用程序不适合使用 SQLite 。
You should use a client/server database.您应该使用客户端/服务器数据库。
In any case, you should never make a database directly accessible on the internet;在任何情况下,您都不应该在互联网上直接访问数据库; the data should go through a web service.数据应该通过网络服务。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.