Py wrote:
>
> Hello,
>
> I have an application which I maintained on my servers (PHP, Apache, MySQL).
> I have a client that is already using the application through a secure link
> directly from his web site.
> But he would like to have my application update a database directly on his
> server (Oracle) in order
> to protect the statistical data collected through the application, which is a
> lot...
>
> I see no problem to open a connection to update his Oracle database on his
> server. I use phplib
> so it would not be a major modification. But some questions remain:
>
> - Opening a connection directly to his Oracle database is not really more
> secure in any way. (If I get hacked, he gets hacked...)
> - It seems to me a false security since the data are manipulated by the PHP
> engine on my server anyway...
> - Creating a database (in order to replicate mine) would tell him a lot
> about how I do my stuff... (but I do not really care tho)
>
> My solution was to provide all statistical data to him with a secure (SSL)
> link and give him everything
> in XML so he could update his database just the way he wants it.
>
> What do you think? What should I tell him? I really need advice since this is
> a field unknown to me...
>
> py
>
> p.s. I do not really know where to post a question like this one which is not
> really related to PHP directly... Sorry...

Hi Py,

I guess it all depends on why your user really wants the data. Does he want to keep it as a backup in case something happens to the copy on your server, or does he really want to manipulate it via Oracle? If he wants a backup I guess that's fair enough, but why should he bother putting it in Oracle until he needs it? If he wants to manipulate it, I guess your question is: what is it that he wants that you do not provide?

Some observations:

1. If I were you I would not want to get involved with his Oracle database at all. It's all too easy for you to get blamed unjustifiably for all kinds of problems, e.g. the comms link doesn't work, they don't like the data structures, their Oracle crashed etc. etc.

2. Your idea of providing the data in xml sounds good. But are they up to handling xml? Everyone talks about it and claims they want it, but when it comes down to it, they're not ready! What about giving him a boring old "csv" or "tab-delimited" text file? He can easily enough get it into Oracle when he wants, and it's very hard for anyone to blame you for Oracle problems. It's also nice for "managerial" customers, because you can show them the data in Excel/whatever and they can see for themselves that you're supplying the data. Then, if they are not getting what they want, it's absolutely clear that it's because of problems at their end, not your end.

3. The one time I met a proper "cracker", Oracle databases were among his favourite targets, so, as you say, opening an Oracle connection doesn't sound like an improvement to security!

Practically, my approach to your customer would be to agree with whatever he asks for "in principle", but make sure that you end up sending him csv/tab-delimited versions of all the data via a https download first. You can say it's as a "test", or so they can "explore the issues", "get a feel for the data structure/volumes" or whatever. My guess is that is all you will ever have to do.
Once they see how much work they have to do at THEIR end, they'll go all quiet. You might also suggest that while they are exploring the "issue" you could fill in any "immediate" gaps in what you're offering them, e.g. more summaries, different analyses, whatever...

Hope that helps,

George

--
PHP General Mailing List (http://www.php.net/)