内容从Windows客户端中下载 - 最佳实践[英] Content download from within a Windows client - Best Practices

本文是小编为大家收集整理的关于内容从Windows客户端中下载 - 最佳实践的处理方法,想解了内容从Windows客户端中下载 - 最佳实践的问题怎么解决?内容从Windows客户端中下载 - 最佳实践问题的解决办法?内容从Windows客户端中下载 - 最佳实践问题的解决方案?那么可以参考本文帮助大家快速定位并解决问题,译文如有不准确的地方,大家可以切到English参考源文内容。

问题描述

我们的应用程序是使用SQL Server Express作为其数据存储的Windows客户端(C ++/MFC迁移到C#).我们将定期更新发布到应用程序合作的数据. (我们的用户使用我们提供的内容数据作为使用客户端构建的项目的基础;数据库也存储他们的项目,以启用跨网络的协作).

一段时间以来,我们使用了古老的方法来提供包含所有最新数据的巨大"更新软件包".更新程序必须在服务器上运行,并将数据库文件与软件包中包含的文件交换.是的,出于许多原因,可怕的做法.我们想消除它.

特别是,我们将提供一个更新对话框,其中用户检查他们想要更新的项目,然后单击"更新".然后,背景过程将所选项目从内容服务器中删除并将其插入用户的数据库中.

从Windows客户端内部提取此数据的安全方法是什么,因为它们可能会选择或从潜在的数百个单独的项目中选择?

我已经考虑过:

  • 与SQL Server的远程连接.直接查询数据.易于实施,但不安全.搜索更好的方法来使用VPN或SSH的建议,对于我们的客户在客户机器上进行设置似乎都不是特别方便的.
  • HTTP内容服务,可提供每个单独内容项的zip文件.或者它根据用户的请求动态构建. (例如,我们提交一个XML文件列出了所需的项目,然后服务器端进程从SQL Server导出数据,然后将其汇总到一个软件包中).

其他包含计划内内容更新的应用程序如何?有任何建议朝正确方向前进(或至少一个好的方向)吗?

谢谢, D

编辑:我们不一定关心数据传输是否安全(内容不是敏感数据);在这种情况下,我的意思是"安全性",比将远程SQL Server暴露于中国的猛击者更好.

推荐答案

直接曝光SQL Server通常是一个坏主意.使用WebService,WCF.

本文地址:https://www.itbaoku.cn/post/514005.html

问题描述

Our application is a Windows client (C++/MFC migrating to C#) that uses SQL Server Express as its data store. We release regular updates to the data the application works with. (Our users use the content data we provide as a basis for their own projects built using the client; the database stores their projects as well, to enable collaboration across a network).

For a while we've used the archaic method of providing huge "update packages" containing all of the latest data. The updater would have to be run on the server, and would swap out the database files with the ones included in the package. Yes, horrible practice for many reasons. We want to do away with it.

Specifically, we will provide an update dialog wherein the user checks off the items they want updated, then clicks Update. A background process then pulls the selected items from the content server and inserts it into the user's database.

What's a secure way to pull this data from inside a Windows client, given that they may opt in or out of potentially hundreds of separate items?

I have considered:

  • Remote connection to a SQL server. Query for the data directly. Easy to implement, but not secure. Searching for better ways to do this turned up suggestions to use VPN or SSH, neither of which seems particularly convenient for our customers to set up on their client machines.
  • HTTP content service that provides zip files of each separate content item. Or it builds then dynamically per the user's request. (e.g., we submit an XML file listing the desired items, then a server-side process exports the data from the sql server and zips it up into one package).

How do other apps featuring in-program content updates do it? Any suggestions for heading in the right direction (or at least a good one)?

Thanks, D

Edit: We aren't necessarily concerned about whether the data transmission is secure (the content is not sensitive data); by "security" in this case I mean "is there a better way than exposing a remote SQL server to slammers in China".

推荐答案

Exposing SQL Server directly is generally a bad idea. Use webservice, WCF instead.

查看更多