GDA Web provider
================

Unlike most other providers, this provider does not link to a database
specific library but rather acts as a web client for a web server
running some PHP scripts which actually make the web server connect
to a database.

This provider enables a Libgda application to connect to a database
which is accessible only behind a web server (as many hosting databases
are) which can execute some PHP scripts and can connect to the
database. It is necessary to install some specific PHP scripts on the
web server which handle the connection and implement the protocol
described hereafter. Also the PHP interpreter needs to be compiled with
the SimpleXML extension.

It is recommended to use an SSL/TLS web server to avoid clear text
messages being read by third parties, but even with non SSL/TLS
connections, the protocol provides reasonable security by:
* including a message hash in each message to avoid man-in-the-middle
  tampering with message contents
* making the server generate a challenge which has to be encoded in the
  next request by the client to authenticate the client
* avoiding sending any database name, server name, user name or password
  in any message
* having to define, on the web server side, connections which can be opened
  through the provider; each connection is composed of an arbitrary name,
  an arbitrary password, and the real connection string the web server
  will use to actually open the connection to the database.

The exchanges between the provider (client) and the web server are based
on XML as each message has the following structure:

"
[message hash]
<?xml version="1.0"?>
...
"

where the [message hash] is a hash for the remaining part of the
message which is a valid XML message, compiled using the HMAC MD5
algorithm (see http://en.wikipedia.org/wiki/HMAC) using (except for
bootstrapping the authentication) a key which is defined as:
"
[connection name]/AND/[password]
"
where [connection name] and [password] have to represent a connection
described on the web server side.

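The framing and key layout described above, as an added Python example (not the provider's or the PHP scripts' own code). It assumes the hash is written as lowercase hex followed by a single newline, uses constructed XML element names, and does not cover the bootstrap key, which this README does not specify.

```python
import hashlib
import hmac
from typing import Optional

# Constructed sample body: the element names are placeholders, not the provider's schema.
SAMPLE_XML = '<?xml version="1.0"?>\n<request>constructed sample body</request>'


def derive_key(connection_name: str, password: str) -> bytes:
    """Key layout from the README: "[connection name]/AND/[password]"."""
    return f"{connection_name}/AND/{password}".encode("utf-8")


def frame_message(key: bytes, xml_body: str) -> str:
    """Prefix the XML with its HMAC-MD5 (assumed: lowercase hex, then one newline)."""
    digest = hmac.new(key, xml_body.encode("utf-8"), hashlib.md5).hexdigest()
    return f"{digest}\n{xml_body}"


def verify_message(key: bytes, message: str) -> Optional[str]:
    """Return the XML body if the leading hash matches, otherwise None."""
    received, sep, xml_body = message.partition("\n")
    if not sep:
        return None  # no hash line at all: reject before parsing anything
    expected = hmac.new(key, xml_body.encode("utf-8"), hashlib.md5).hexdigest()
    # Constant-time comparison on bytes, so the check does not leak how many
    # leading characters of a forged hash were correct.
    received_bytes = received.strip().lower().encode("utf-8")
    if not hmac.compare_digest(received_bytes, expected.encode("ascii")):
        return None
    return xml_body


if __name__ == "__main__":
    # Connection name and password taken from the README's gda-sql example.
    key = derive_key("cnc1", "MyPass1")
    msg = frame_message(key, SAMPLE_XML)
    print("untouched message accepted:", verify_message(key, msg) == SAMPLE_XML)
    tampered = msg.replace("sample", "forged")
    print("modified body rejected:", verify_message(key, tampered) is None)
    wrong_key = derive_key("cnc1", "WrongPass")
    print("wrong password rejected:", verify_message(wrong_key, msg) is None)
```
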
For example, opening a connection using the web provider from the gda-sql
tool can be achieved by the shell command:

[prompt]> gda-sql "web://none:MyPass1@HOST=example.com;PATH=libgda-php;DB_NAME=cnc1;PORT=8081;SECRET=MySecret"

for:
* the example.com web server
* on port 8081
* with a server secret: MySecret
* the /libgda-php script location
* the defined connection cnc1
* the password MyPass1 (note that the gda-sql command requires a user name when a
  password is specified, which is the reason for the dummy "none" user name here: it
  avoids any user name prompting; alternatively, use the -p command line option)


Installation
------------

See php/README for more information.
71