Connect to MySQL database outside LAN Qt C++
-
Hi there,
My PC has been used as the host of a MySQL database (with XAMPP), which anyone inside the LAN has access to, but now I'm trying to transfer that job to an AWS EC2 instance, because they can only access the database if my PC is on, in the LAN, and XAMPP is running.
How can I configure the program so anyone can access the AWS EC2 database server from anywhere? Thanks.
This is the code to open the local database:
    QSqlDatabase db = QSqlDatabase::addDatabase("QMYSQL");
    db.setHostName("192.xxx.xxx.xxx");
    db.setDatabaseName("name_of_database");
    db.setUserName("diogo");
    db.setPassword("");
    if (db.open()) {
        qDebug() << "Fez conexão";
    } else {
        qDebug() << "Não fez conexão";
    }
-
Hi,
You would use a URL rather than an IP address, as these might change. Also, you had better take a class on properly securing your database, because you are going to break a rule: don't expose your database over the internet.
One other thing you can do is provide a dialog to configure the database access.
-
Supposedly, only those who use the program and have credentials, such as username and password, can access the database, but initially, I just wanted to connect to the database on that server, with Qt. Then I would focus on the security part.
What settings do I need to make? Thanks.
-
@DiogoIDENG
Although I haven't used AWS, I wouldn't think there are any settings you need to make on your client programs. They use the URL and supply credentials through the code, that's it. What settings you need or should make on the AWS side, for example for security/access purposes or for exposing MySQL over the web, is quite a different matter, and not to do with your client or Qt. I assume the AWS documentation describes this and what you need to look at. I understand setting up the AWS side correctly is a bit of work, from what I have heard.
-
@DiogoIDENG
Hi, essentially like @SGaist && @JonB said - all you need is the URL, username and password. Your problem really has little to do with Qt...
The URL you can get from the AWS console, and you should use that as the IP changes (unless you want to splash some cash for the elastic IP).
Above all, you don't want to expose any DB to the outer world. Build a VPN gateway, connect your host through the VPN to the instance where the DB is.
Then it's business as usual, modulo longer response times due to the longer network path.
Also, any user interfacing with the DB should have their own, unique credentials both for the VPN and the DB.
-
@DiogoIDENG said in Connect to MySQL database outside LAN Qt C++:
Supposedly, only those who use the program and have credentials, such as username and password, can access the database, but initially, I just wanted to connect to the database on that server, with Qt. Then I would focus on the security part.
What settings do I need to make? Thanks.
You do realize that the world is full of enterprises with only a subset of people having credentials with access to even non sensible infrastructure that get owned on an almost daily basis?
-
Thank you for your help.
This way, if I want to have a cloud based sql database, what is the best way to do it?
-
@DiogoIDENG ,
If you have a database in the cloud, the critical area is the tunnel between the cloud and the LAN in the organization. The tunnel should be protected with a VPN. I use, for example, ZeroTier, which is easy to configure and transparent for Qt. It is free for 25 nodes.
-
@DiogoIDENG if your company allows site2site tunnelling, then you can do it with pure AWS and OpenVPN on top. If said company is lacking in the devops/sysadmin department, look for a paid solution. Either way, you can either do a split VPN between a VLAN or a dedicated subnet or even a host (or a class of hosts, but that's a tad more complex) - that's the safer solution - or something less tailored. Also, with OpenVPN you can do a per-machine/client on-demand service; there is also integration between Google security groups and clients on the AWS side... Lots of free options, lots of paid ones too. It all depends on what kind of manpower and resources you have to configure it.
Once properly done, however, it is rather maintenance free.
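
The server-side half of the advice in the replies above (unique credentials per user, database reachable only through the VPN), as an added example that was not posted by anyone in the thread. It assumes MySQL 5.7+ or MariaDB 10.4+, a VPN that hands clients addresses in 10.8.0.0/24, and hypothetical users `alice` and `bob`; the subnet, user names and password placeholders are constructed, and only `name_of_database` and `diogo` come from the original snippet.

```sql
-- Added example; subnet, user names and passwords are placeholders.

-- 1. Audit: list accounts that accept logins from any host or have no
--    password set (the original snippet logs in with an empty password).
SELECT user, host
FROM mysql.user
WHERE host = '%' OR authentication_string = '';

-- 2. One account per person, valid only from VPN-assigned addresses.
--    A login attempt from outside 10.8.0.0/24 is refused by the server
--    even when the password is correct.
CREATE USER 'alice'@'10.8.0.%' IDENTIFIED BY '<unique-password-for-alice>';
CREATE USER 'bob'@'10.8.0.%'   IDENTIFIED BY '<unique-password-for-bob>';

-- 3. Grant only what the application needs, on the one schema it uses.
GRANT SELECT, INSERT, UPDATE, DELETE
  ON name_of_database.* TO 'alice'@'10.8.0.%';
GRANT SELECT, INSERT, UPDATE, DELETE
  ON name_of_database.* TO 'bob'@'10.8.0.%';

-- 4. Retire the shared account once everyone has moved to a personal one.
--    The host part '%' is an assumption; use the value shown by the audit.
DROP USER IF EXISTS 'diogo'@'%';

-- 5. Confirm the result.
SHOW GRANTS FOR 'alice'@'10.8.0.%';
```

On the Qt side nothing changes except the values passed to `setHostName`, `setUserName` and `setPassword`, which then come from each user's own input instead of being compiled in.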