I agree with George. I was in a somewhat similar situation recently in which a client, for whom I was writing an intranet application that I would not be hosting, asked if I could give my application the ability to export data for some archain application just in case they decided they wanted to do something else with the data.
My solution was to provide them with the ability to export data in tab delimted files so that they could import it into any application they desired. They were more than happy with this approach as it gave them the ability to use the data in any way they may dream up in the future. To make the solution more attractive, I added a form to my application which allowed them to submit any select query they could dream up and return the results in tab delimted format. When returning the results I set the content type header to vnd.ms-excel and voila, when they submit the form the results immediately appear in an excel spreadsheet. This situation worked out for both of us because I am in no way responsible for compatibilty or performance issues with other applications and yet they have the ability to use the data in any manner they wish. Fred George Whiffen <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Py wrote: > > > > Hello, > > > > I have an application wich I maintained on my servers (PHP, Apache, MySQL). > > I have a client that is already using the application trought a secure link > > directly from his web site. > > But he would like to have my application update a database directly on his > > server (Oracle) in order > > to protect the statistical data collected trought the application, wich is a > > lot... > > > > I see no problem to open a connection to update his Oracle database on his > > server. I use phplib > > so it would not be a major modification. But some questions remains: > > > > - Opening a connection directly to his oracle database is not really more > > secure in any way. (If I get hacked, he get's hacked...) > > - It seems to me a false security since the data are manipulated by the PHP > > engine on my server anyway... > > - Creating a database (in order to replicate mine) would tell him a lot > > about how I do my stuff... (but I do not really care tho) > > > > My solution was to provide all statistical data to him with a secure (SSL) > > link and give him everything > > in XML so he could update his database just the way he want's it. > > > > What do you think? What sould I tell him? I really need advice since this is > > a field unknown to me... > > > > py > > > > p.s. I do not really know where to post a question like this one wich is not > > really related to PHP directly... Sorry... > > Hi Py, > > I guess it all depends on why your user really wants the data. Does he want to keep it as a backup > in case something happens to the copy on your server or does he really want to manipulate it via > Oracle? If he wants a backup I guess that's fair enough but why should he bother putting it in > Oracle until he needs it? If he wants to manipulate, I guess your question is what is that he wants > that do you not provide? > > Some observations: > > 1. If I were you I would not want to get involved with his Oracle database at all. It's all too > easy for you to get blamed unjustifiably for all kinds of problems e.g. the comms link doesn't work, > they don't like the data structures, their Oracle crashed etc. etc. > > 2. Your idea of providing the data in xml sounds good. But are they up to handling xml? Everyone > talks about it and claims they want it, but when it comes down to it, they're not ready! What about > giving him a boring old "csv" or "tab-delimited" text file? He can easily enough get it into Oracle > when he wants, and it's very hard for anyone to blame you for Oracle problems. It's also nice for > "managerial" customers, because you can show them the data in Excel/whatever and they can see for > themselves that you're supplying the data. Then, if they are not getting what they want, it's > absolutely clear that it's because of problems at their end, not your end. > > 3. The one time I met a proper "cracker", Oracle databases were among his favourite targets, so, as > you say, opening an Oracle connection doesn't sound like an improvement to security! > > > Practically, my approach to your customer would be to agree with whatever he asks for "in > principle", but make sure that you end up sending him csv/tab-delimited versions of all the data via > a https download first. You can say it's as a "test", or so they can "explore the issues", "get a > feel for the data structure/volumes" or whatever. My guess is that is all you will ever have to > do. Once they see how much work they have to do at THEIR end, they'll go all quiet. > > You might also suggest that while they are exploring the "issue" you could fill in any "immediate" > gaps in what you're offering them e.g. more summaries, different analyses, whatever... > > Hope that helps, > > > George -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
