I developed an application which sends a file to an FTP server and also updates a database at the same time from the client-side application.
When the customer heard about this configuration, he didn’t allow me to configure it because of security (he said so).
That’s why he suggested that after the file is put on the FTP server, another application that exists on the FTP server updates the database, with the file as the trigger.
In this case, is updating the database from the client application not safe?
Can anyone show an example for me?
And one more thing: using a file as a trigger is not convenient.
So what if I use a web application (is it called a web service? It just supplies a URL to the client side to execute a service which updates the database) instead of a file on the FTP server as the trigger?
Can a configuration like this also keep security?
The reason it’s potentially dangerous for a client application to directly update a database is that it requires the database login credentials to be available to the client. Making them available to a client pretty much by definition also makes those credentials available to the owner of the machine the client is running on. If I were a malicious attacker, I could:
If you have the server update the database, then the database credentials need not be given out, and you can be sure that the database is only updated when the file is actually successfully transferred and not “spuriously” (for no reason).
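A sketch of the server-side arrangement described in the answer above, as an added example that is not part of the original thread: the client presents only a revocable per-client token, and the server stores the file and then writes the database row itself. The names `handle_upload`, `open_db` and `CLIENT_TOKENS` are hypothetical, the token is a constructed sample value, and `sqlite3` stands in for the real database.

```python
import hashlib, hmac, os, sqlite3, tempfile

# Constructed per-client tokens (hypothetical); kept on the server, revocable.
CLIENT_TOKENS = {"client-42": "constructed-sample-token"}

def open_db(path=":memory:"):
    # sqlite3 stands in for the real database (assumption). The connection,
    # and any database password, exist only inside the server process.
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS uploads "
               "(client TEXT, name TEXT, sha256 TEXT, size INTEGER)")
    return db

def handle_upload(db, upload_dir, client_id, token, filename, data):
    """Hypothetical server-side handler: store the file, then record it."""
    expected = CLIENT_TOKENS.get(client_id, "")
    if not expected or not hmac.compare_digest(expected.encode(), token.encode()):
        return "denied"
    # Accept a bare file name only, so the client cannot choose the path.
    if not filename or filename.startswith(".") or filename != os.path.basename(filename):
        return "bad-name"
    dest = os.path.join(upload_dir, f"{client_id}_{filename}")
    try:
        with open(dest, "xb") as fh:   # "x": refuse to overwrite an existing file
            fh.write(data)
    except OSError:
        return "store-failed"          # nothing stored, so no database row
    with db:                           # commits on success, rolls back on error
        db.execute("INSERT INTO uploads VALUES (?, ?, ?, ?)",
                   (client_id, filename, hashlib.sha256(data).hexdigest(), len(data)))
    return "ok"

if __name__ == "__main__":
    db, folder = open_db(), tempfile.mkdtemp()
    print(handle_upload(db, folder, "client-42", "wrong-token", "report.csv", b"a,b\n"))
    print(handle_upload(db, folder, "client-42", "constructed-sample-token", "report.csv", b"a,b\n"))
    print(db.execute("SELECT client, name, size FROM uploads").fetchall())
```

The same handler can sit behind a web service URL or be run by a process watching the FTP directory; in both cases the database row is written by the server only after the file has been stored.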