Hi guys, I hope that I am posting this topic on the right section.
I am investigating the possibility of designing a specific php bot application and would like some advice on design and security, links to some usefull resources or even some similar applications or code snippets.
Here is the situation:
We are building a website that will contain a reserved users area, so users will be able to login and access their data, and even modify some of it.
Now, this data, or users database is in an old Oracle DB that is no accessed directly but instead can be accessed at terminal by an operator's interface. This interface shows all data that needs to be displayed at the web page and that is possible to modify.
Web page and the Oracle DB and interface application will most probably be hosted in different machines (mayb different networks).
We thought that we could use a robot that gets a request from the webpage (request to fill in user's details, request to force a change in address, phone #, payment status, etc) and then opens the interface application that will query the Oracle DB as a normal operator would do, then it must fetch data from the intsrface and send it back to the web page for displaying.
We are looking for a simple bot, fast, secure (not allowing other commands/data requests/data modifications than the ones defined upfront), and that shall not allow more than 5 users to be accessing the Oracle DB through the interface application at the same time, so we need to open and close sessions only when needed.
Any suggestions, ideas, links to useful resources?
Thanks in advance
Designing a fast and secure php bot application
Moderator: General Moderators
- Christopher
- Site Administrator
- Posts: 13596
- Joined: Wed Aug 25, 2004 7:54 pm
- Location: New York, NY, US
Re: Designing a fast and secure php bot application
Not clear why you want a 'bot'? You can connect directly to the Oracle database from PHP. If you want to limit the number of users then you can require them to login/out and track the number logged-in in the database. I suppose you could build some sort of web service between the database and the application if you wanted.
(#10850)
Re: Designing a fast and secure php bot application
Chris,
the reason for trying to build a robot is quite simple. They've never ever touched directly the database, and they don't want anyone to query or modify the database that way. And they prefer to use the application interface that already provide all the data and interfaces necessary to the web application.
But that was obviously my first thought and it would be much cleaner and faster ...
the reason for trying to build a robot is quite simple. They've never ever touched directly the database, and they don't want anyone to query or modify the database that way. And they prefer to use the application interface that already provide all the data and interfaces necessary to the web application.
But that was obviously my first thought and it would be much cleaner and faster ...
- Christopher
- Site Administrator
- Posts: 13596
- Joined: Wed Aug 25, 2004 7:54 pm
- Location: New York, NY, US
Re: Designing a fast and secure php bot application
The thing that is not clear to me is whether this abstracted interface is for other programmers or users? If it is for other programmers then perhaps a web services interface makes sense. If it is for users then accessing the database directly and writing a web app for them to use is probably the way to go.
(#10850)
Re: Designing a fast and secure php bot application
Chris,
the other "interface" is a normal desktop application provided to access and modify the database. So it is for "users" to operate on the database (Oracle 6 by the way), and they are trying to avoid accessing directly to it ... Still you suggest ti try to query and modify the db directly?
the other "interface" is a normal desktop application provided to access and modify the database. So it is for "users" to operate on the database (Oracle 6 by the way), and they are trying to avoid accessing directly to it ... Still you suggest ti try to query and modify the db directly?