Which database should I use in a small desktop application?

Asked

Viewed 14,419 times

14

I read a bit about the Meta and I thought that this question does not escape much from the current rules of the site. Risking losing reputation, come on:

At the moment I work in a small company that currently manages very sensitive data (documents, addresses, telephones, etc) through Excel, which usually gives a lot of headache (huge spreadsheets, redundant data, impossibility to manage efficiently). In that, I thought of making a program to be able to manage this data more skillfully.

I chose C# as a programming language and Windows Forms (it’s an internal application - so there’s no need to be "pretty" - and I currently have more ease with Windows Forms) but I have some cruel doubts in the database:

  1. How is an application. NET, using Mysql is still a good option or SQL Server is safer, in a matter of integrating the database with the rest of the project (maybe Mysql has some problems with . NET?)?
  2. First I chose to set up a local server in the office, and leave the application in the notebook, leaving the desktop unique to be the database. However, one might see this as "waste of resources" (leaving the computer stationary and on without "using"). Would it be safe to make it productive (with a person using it to read emails, access the internet, etc.) and at the same time save the application data? Or should I isolate it to be just to store the data?
  3. I also thought about using a VPS to store the data, making it possible to use the program elsewhere (which may be useful). However, I would have to protect the database against attacks that would not be necessary if the bank were local (if it were local someone could steal the computer with the data, but that’s another story). It’s more feasible to invest a little in leaving data in the cloud or be safer and leave it locally?
  4. Maybe I’m being too exaggerated. It would also be possible to save the data together with the application, instead of setting up a server just for that. However, I find this somewhat wrong and unsafe, but I could be wrong.

About the project data: They are Brazilian documents (RG and CPF), telephone, email, address and full name. It’s not such a high-profile company as to use "heavy" encryption, but I can’t afford to leave it unprotected.

One piece of information I didn’t remember before I put it here was the opinion of some I asked in other places, which was that I’m exaggerating and should stay in Excel to avoid complicating things further. I disagree with that because there has been a lot of inconvenience with this data being stored in an inappropriate way, but maybe there is some other approach that I can take that I’m not seeing.

It is a doubt that is preventing me from starting the production of the project. I discussed with some people and did not reach a consensus. What would be the best action to take in this case?

c# mysql sql-server winforms

6 answers

9


Since this is not a question of the type "which database is better" at all, but rather one of the type "how can I solve a problem" (and a very common problem), I think the question is valid.

That said:

  • Since it is an application . NET, using Mysql is still a good option or SQL Server is more secure?

Both Mysql and SQL Server can serve your purpose well. I recommend SQL Server only because it is easier to integrate with .NET. applications If you were working with PHP or Ruby, I would recommend Mysql.

SQL Server has a free Express edition. It has some limitations like using at most a certain amount of memory and processor resources, but for your case, I believe that would not be a problem. If the limitations of SQL Server Express are a problem, then you won’t be able to solve your company’s problems with just one application of the type you propose to do ;)

First I chose to set up a local server in the office, and leave the application in the notebook, leaving the desktop unique to be the database.

You can also pay 5 dollars a month to host a database in any hole of the Internet (excuse the expression, but it is to emphasize the banality of the thing). This way you will not lose the entire database when the machine breaks down.

However, one might see this as "waste of resources" (leaving the computer stationary and on without "using").

Next time someone raises that argument, ask the person how much it costs to keep a computer on during office hours. See the impact on the energy bill and be surprised how cheap this is.

Would it be safe to make it productive (with a person using it to read emails, access the internet, etc.) and at the same time save the application data? Or should I isolate it to be just to store the data?

You’re just going to replace Excel, and not do anything as complicated as analyzing genetic material or climate patterns, right? It can run smoothly on a regular machine while the desk spends his day on Facebook works on the computer. As long as it’s an ordinary machine, not a wagon (for example, something with two gigabytes of RAM or less, by current standards).

I also thought about using a VPS to store the data, making it possible to use the program elsewhere (which may be useful). However, I would have to protect the database against attacks that would not be necessary if the bank were local (if it were local someone could steal the computer with the data, but that’s another story). It’s more feasible to invest a little in leaving data in the cloud or be safer and leave it locally?

Using a good authentication scheme and storing the salty hash of passwords should be sufficient to protect all industrial secrets of military research done for the DARPA your company keeps in Excel ;)

Maybe I’m being too exaggerated. It would also be possible to save the data together with the application, instead of setting up a server just for that. However, I find this somewhat wrong and unsafe, but I could be wrong.

If you mean you can run the application on the same machine as the bank, fine. If you meant storing the information in an application-specific format and dispensing the bank, no, you’re not wrong.

editing: Excel has ways to allow group work on the same worksheet. All changes are merged in real time. If you want to keep things simple, maybe this will help. But a database allows information to be better organized and consulted more quickly, so I recommend you keep searching for a database solution.

  • I couldn’t figure out if you prefer a local bank or a cloud bank. It sounded different. About cryptography: I meant that I don’t know the subject at all at present. My question was whether it is worth putting in the cloud and investing time to learn (inevitably I will have to do this, but it may delay the current application) or leave the data locally to avoid hassles about it.

  • "Cloud" is a buzzword. Every company that makes hosting uses that term today. When I say "pay five dollars to host" that’s what I mean. And you don’t need to learn much more - for your application, whether it’s going to connect to a local bank or a "cloud" bank. Your code will be the same. The only extra effort you will have is to check if the firewall allows connection to the database server that is "in the cloud".

8

  1. The important thing is the physical access to the database, because in my view both Sqlserver and Mysql are safe from a network access point of view.

  2. It depends on the confidentiality requirement of the information you will store in this system. But at first yes, it would be safe, but to be more sure there has to be a deliberation of the importance of information within the system.

  3. Depending on the types of data, it may be necessary to leave it on Brazilian soil. I remember a teacher telling that for example Serasa uses cloud in applications but the database is in Brazil for legal reasons.
  4. It is possible to safely store the data in the computer itself that will use it. You can start with access via GRANT in the database tables. It’s a path...

Suggesting a base, I would suggest the Firebird or the sqlite, the sqlite has a slightly more flexible data model than the Firebird, this may be good or bad, but I believe the world . NET is more used to Firebird.

4

Allow me to answer only point 2. I won’t talk about the other points because I don’t have much authority in all of them. But in the server infrastructure part I have :)

The ideal is always dedicate the server. It is not good practice to leave users on the computer which is the server itself. Usage does not match the server’s critical level as it contains the life of the company.

If someone thinks it’s a waste of resources, imagine the waste it would be to lose all the data. Even if you have backup to recover, the time spent is usually not worth it. In addition to you as an administrator losing credibility in the company and the company losing credibility with customers if it affects them (no matter how minor the damage to the customer).

4

As it seems to me that the company is looking for a solution that is cheap, and that does not waste a lot of resources, maybe one option is to use a Shared-hosting aimed for. Net, and create a web application instead of desktop (I know this goes against your option to use windows Forms, but believe me, it is a huge advantage).

So what are the advantages:

  • people can access data from anywhere

  • low cost, a good Shared-host for . Net costs $10

  • there are plans with data backup (even at this price)

  • not having to deal with the infrastructure part

  • when the company is willing, it can easily migrate to a dedicated host, or even an internal host (i.e. intranet)

Disadvantages of this hardship:

  • you will need to use a technology you are not familiar with (choose ASP.NET MVC if applicable)

  • you will need to worry more about the logical security of the data (you will need to log in, and probably use HTTPS and get a reliable source certificate, which will have an initial cost)

  • the data will not be completely safe as it is stored on a Shared-host

  • the internet connection becomes a necessity

Note: In Visual Studio you can already create an MVC application that comes from example, with features such as login and data registration, just use as a model.

Over the database, it would use SQL Server itself. Shared-host plans usually offer a bank at least, which for a small application serve well.

  • existem planos com backup dos dados (mesmo por esse preço) escape from plans that do not provide backup! Additionally, +1.

  • I didn’t rule out doing something for the web instead of desktop (if I did that, I would try to get away from .NET), but I didn’t because it’s an area that I know little about and requires a lot more time to learn than I’ve had a previous contact with before, which would delay the project. I also thought it would be better, thinking of me as a professional, to explore more the winforms before going to other lands. is an approach that I felt more "safe" to follow, but maybe I’m looking at it wrong

  • Why run away from . Net? It’s a fully established technology, with broad support, a huge community of developers... I don’t see why run away.

3

You said you store sensitive data in excel?

For sensitive data and C# I would prefer to use MS Sql. For not so important data you can use any one. "smaller" bases (surely its base is small) can use Mysql which nowadays is very robust. (IMHO a small base has less than one Gigabyte and a large has more than one terabyte).

Your biggest insecurity is having the data on a laptop, it can break down, be stolen, etc. The right thing would be to have them on a server and for security servers should not even have browsers or tools to read emails, regardless of RDBMS used.

Last but not least. Add value. You will gain experience in a database, you will work months, years with it.

Which one do you want to learn? Mysql or MS-Sql. In case of adding value to you as a professional I would choose MS-Sql.

  • About size: there are on an average very high, about 200 people "registered". The data are phone, email, CPF, RG, full name and address. I have no idea of comparison to determine the "size" of the (future?) database. I didn’t understand the comparison you made at first. Why Mysql would be for "not so important data"?

  • Maybe I didn’t express myself well. Mysql has the ability to persist sensitive data. As for size, a large base can be attached from a terabyte.

2

I believe that by the language that was chosen and if the volume of data that this application will manage , use a DBMS connected to C#, Sqlserver Express itself. Now, for greater ease and reliability, I believe Mysql is a good choice of DBMS.

Browser other questions tagged c# mysql sql-server winforms

You are not signed in. Login or sign up in order to post.