What is the most secure and easiest way to send approx. 1000 different records into a database that is not directly accessible - a MySQL database on a web provider's server - using a Windows application? Data will be stored in different tables.

Edited: The application will be distributed to users who have no idea what a database or PuTTY is or... They just install my application, open it, enter some data and press Submit.

Currently I'm using PHP to upload the generated script to the web server and process it there. I think I should also include some signature in the file to avoid some "drop..." hacks.

+1  A: 

If you can export the data as a SQL script you can just run it against the remote server using your application of choice. 1000 records won't create that big a script.

Jack Ryan
A: 

If you have SSH access to your web provider, you can use PuTTY to create a secure tunnel for the database connection. That way, your application will work as if it's connected locally. Otherwise, use a SQL script as JayArr suggested.

Egil
A: 

In the current project at my job we have the same situation - a remote (faraway) database.

I made the following solution: serializing the SQL query into XML and putting it via HTTP to a web daemon, which runs on the remote server instead of an open SQL server. The daemon checks credentials and executes the query.

abatishchev
A: 

As I can't execute any external programs on the external server, I created the following solution:

  • My program creates a script file and calculates its salted hash
  • The program sends this file together with the user credentials and hash to a PHP page on the server
  • The PHP page checks the username and password, then checks the hash and then executes the script. Only Insert and Update commands are allowed.

Is this approach secure enough?

Riho
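
The upload scheme from the last answer, as an added example that is not code from any poster: Python stands in for both the Windows client and the PHP page. It goes beyond the post by using a keyed HMAC instead of a salted hash and by sending structured records instead of a SQL script, so the server only ever runs parameterized inserts against allowlisted tables. The per-user key, the schema and the sample records are constructed assumptions.

```python
import hashlib, hmac, json, sqlite3

# Assumption: each user has a secret key provisioned out of band (constructed value).
USER_KEYS = {"alice": b"constructed-demo-key"}
# Server-side allowlist of tables and their columns (hypothetical schema).
ALLOWED = {"customers": ("name", "email"), "orders": ("customer", "total")}

def sign_upload(user, records, key):
    """Client side: serialize the records and attach an HMAC-SHA256 tag."""
    body = json.dumps({"user": user, "records": records}, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return body, tag

def handle_upload(db, body, tag):
    """Server side: verify the tag, then insert with parameterized statements."""
    try:
        msg = json.loads(body)
        key = USER_KEYS[msg["user"]]
    except (ValueError, KeyError, TypeError):
        return "rejected: unknown user or malformed body"
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):  # constant-time comparison
        return "rejected: bad signature"
    rows = []
    for rec in msg["records"]:
        cols = ALLOWED.get(rec.get("table"))
        if cols is None or set(rec.get("values", {})) != set(cols):
            return "rejected: table or columns not allowed"
        rows.append((rec["table"], cols, [rec["values"][c] for c in cols]))
    with db:  # one transaction: all records are stored or none
        for table, cols, vals in rows:
            marks = ", ".join("?" for _ in cols)  # identifiers come only from ALLOWED
            db.execute(f"INSERT INTO {table} ({', '.join(cols)}) VALUES ({marks})", vals)
    return f"stored {len(rows)} records"

def demo():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (name TEXT, email TEXT)")
    db.execute("CREATE TABLE orders (customer TEXT, total REAL)")
    records = [  # constructed sample input; the first value is stored as plain data
        {"table": "customers", "values": {"name": "x'); DROP TABLE orders;--", "email": "a@example.test"}},
        {"table": "orders", "values": {"customer": "alice", "total": 12.5}},
    ]
    body, tag = sign_upload("alice", records, USER_KEYS["alice"])
    ok = handle_upload(db, body, tag)
    tampered = handle_upload(db, body.replace(b"12.5", b"0.01"), tag)
    bad = sign_upload("alice", [{"table": "users", "values": {}}], USER_KEYS["alice"])
    count = db.execute("SELECT COUNT(*) FROM orders").fetchone()[0]
    return ok, tampered, handle_upload(db, *bad), count
```

In PHP the same server-side steps map to `hash_hmac`, `hash_equals` and PDO prepared statements.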