Working on master database

Muzamil

New member
Joined
Nov 18, 2021
Messages
4
Programming Experience
Beginner
Hello, I am working on management system using winform c# and postgresql database. Multiple users can perform reading and writing operations on shared network or somehow database can be updated or added information by any user.
How to share database?
What important things need to be considered during deployment?
 
Seems like your question is more about the database and deployment rather than WinForms. Moving subforums...
 
You set up your database on a server and then every client connects to that server. I don't really use PostgreSQL but it works pretty much the same way as SQL Server or any other RDBMS. You have a machine on the network that every client can see act as the database server and you create your database there. For development purposes, your development machine may be the database server too.

You would add a PostgreSQL provider to your project, probably using this NuGet package. You can then connect to the database exactly as you would any other. When you deploy your app, the database provider gets deployed with it and you just have to change the connection string appropriately. Connection strings are generally stored in an external config or settings file for this reason.
 
My understanding is that PostgreSql works best as a standalone server, rather than as database that you deploy along with your desktop application. Assuming that understanding is correct, then you'll want to deploy the WinForms app to the various desktops within your network, and then ensure that the PostreSql server is accessible to all those desktops. So in the app.config file or the user settings for your WinForms you would have a connection string that points to that server.

The big thing you need to worry about is the credentials that are stored in that connection string. Most users will be able to read the plaintext app.config or the user settings and see the username and password being used by your application to access the database.

Ideally, each user has their own logon credentials for the database instead of a single shared credential used by all the users. Having individual accounts helps beef up your security stance in terms of being able to keep track of who did what (assuming you are logging it on your server), and being able to quickly remove one person's access when they leave the company instead of having to re-deploy a new app.config to all the desktops on the off chance that person grabbed a copy of the username and password. To facilitate individual account credentials, you'll either prompt the user during installation for the credentials and embed that into the app.config if the app.config is stored in the Program Files tree. If you don't use app.config to store the credentials, and use user settings instead, then you can remove one less deployment headache, and just let the first run of your application ask for the user credentials and then store them into the user settings instead of the app.config.

Most people don't think about the uninstall part of deployments. Most uninstalls programs would know to clean up the app.config that it previously installed, but not all of them will clean up user settings files. You'll need to make sure that uninstall removes the user settings file if you store the user credentials there, otherwise someone may discover the password there. If the user is lazy and re-uses their passwords, a bad guy will likely try that "found" password in their other attempts to compromise systems.

I don't have any direct experience with PostgreSql, but if part of your initial deployment includes setting up the server, then you'll also likely need a way to safely handle the credentials that admin access to the server. And then you'll need some way to provision the individual user accounts that should have access to the database. If provisioning individual user accounts is a pain, and you can opt to go against security best practices and just have a single account shared by all the users. Just be sure that you are going into this configuration with your eyes, and your information security officers eyes open and accept the inherent risks there.
 

Latest posts

Back
Top Bottom