Expose MySQL through web interface to PHP script?
Here's the situation:
I have a web hosting which provides a MySQL database account, but connection only allows from localhost.I'm considering to expose this MySQL through web interfac开发者_如何学运维e, and extend the mysqli class so I can normally read/write to this database from another host.
Before doing this, I want to know if my solution is a good idea, and whether there already has such an open source solution to my situation?
Use Web Services. Web services are designed to provide an API so that one server can communicate with another server to access the resources of that server. The advantage of creating a Web service wrapper around your MySQL database is to avoid exposing the SQL layer to the broad Internet.
In general, by writing Web services, your application can only use the services that you've specifically chosen to expose. Additionally, many Web service frameworks offer authentication packages and validation that can help prevent malicious entities from illegally accessing or manipulating your data.
Finally, should you migrate to a different data source, you can maintain the same uniform interface between the application and the datasource, which eliminates the need to modify the PHP application.
However, by directly exposing your database to the Internet, you potentially expose yourself to data theft and data loss.
For more information on Web services, you could start with this Wiki Article on REST.
That's a lot of overhead and reimplementation work. Instead consider to open the MySQL server up for remote connections, using SSL and certificate authorization: http://dev.mysql.com/doc/refman/5.1/en/secure-basics.html
This allows you to expose the real mysqld server. You will need to use the most recent PHP version, as that adds SSL support in the PDO interface for example. http://www.php.net/manual/de/ref.pdo-mysql.php#103501 But I'd say that's still easier than crafting your own RPC interface and securing that.
And if you actually use Mysqli, then the SSL/cert support is already built-in: http://php.net/manual/en/mysqli.ssl-set.php
Here is a good place you can get started to creating an API. First, you should evaluate the kind of data you want to share across your servers and see if you really need it.
精彩评论