Which database should I use in a small desktop application?

13

I read a little of Meta and I thought that this question does not go far from the current rules of the site. Risking losing reputation, come on:

I currently work in a small company that currently manages very sensitive data (documents, addresses, phones, etc.) by Excel, which often gives a lot of headaches (huge spreadsheets, redundant data, impossible to manage efficiently ). In this, I thought about making a program to be able to manage this data in a more skilful way.

I chose C # as a programming language and Windows Forms (it's an internal application - so there's no need to be "pretty" - and I'm actually easier on Windows Forms) but I've got some gruesome doubts in the database: / p>

  • As a .NET application, using MySQL is still a good option or SQL Server is more secure, in question of integrating the database with the rest of the project (maybe MySQL has some problems with .NET?)?
  • First I chose to set up a local server in the office, and leave the application on the notebook, leaving the desktop unique to be the database. However, one can see this as "wasted resources" (leaving the computer stopped and turned on without "using"). Would it be safe to leave it productive (with a person using it to read emails, access the internet, etc.) and at the same time save the application data? Or should I isolate it to just save the data?
  • I also thought about using a VPS to save the data, making it possible to use the program in other places (which can be useful). However, I would have to protect the database against attacks that would not be necessary if the database was local (if it were a local someone could steal the computer with the data, but that's another story). Is it more feasible to invest a little in leaving the data in the cloud or being safer and leaving it locally?
  • I may be being overdone. It would also be possible to save the data along with the application, rather than configuring a server just for that. However, I find this somewhat wrong and unsafe, but I may be wrong.
  • About the project data: These are Brazilian documents (RG and CPF), telephone, email, address and full name. It's not such a high-profile company as to use "heavy" encryption, but I can not afford to leave it unprotected.

    Some information I did not remember before putting it here was the opinion of some that I asked elsewhere, which was that I am exaggerating and should stay in Excel to avoid complicating things further. I disagree with this since there has been a lot of disruption with these data being improperly stored, but perhaps there is some other approach that I may take that I am not seeing.

    It is a question that is preventing me from starting the production of the project. I argued with some people and I did not reach a consensus. What would be the best action to take in this case?

        
    asked by anonymous 28.02.2014 / 13:10

    6 answers

    8

    Since it is not a "what database is better" question at all, but rather a "how can I solve a problem" question (and a very common problem), I think the question is valid.

    That said:

      
    • How is a .NET application, using MySQL still a good option or is SQL Server more secure?
    •   

    Both MySql and SQL Server can serve your purpose well. I recommend SQL Server only because it is easier to integrate with .NET applications. If you were to work with PHP or Ruby, I would recommend MySql.

    SQL Server has an Express edition that is free. It has some limitations like using at most a certain amount of memory and processor resources, but for your case, I believe that would be no problem. If SQL Server Express limitations are a problem, then you will not be able to solve your company's problems with only one application of the type you intend to do;)

      

    Firstly, I chose to set up a local server in the office, and leave the application on the notebook, leaving the desktop unique to being the database.

    You can also pay $ 5 a month to host a database in any Internet hole (sorry for the expression, but it's to emphasize the banality of the thing). That way you will not lose the entire database when the machine breaks.

      

    However, somebody may see this as a "waste of resources" (leaving the computer stopped and turned on without "using").

    The next time someone raises this argument, ask the person how much it costs to keep a computer connected during work hours. Look at the impact on the energy bill and be surprised how cheap it is.

      

    Would it be safe to leave it productive (with one person using it to read emails, access the internet, etc.) and at the same time save application data? Or should I isolate it to just save the data?

    You'll just replace Excel, and do nothing as complicated as analyzing genetic material or weather patterns, right? You can run quietly on a regular machine while the desk spends the day on Facebook works on your computer. As long as it's really an ordinary machine, not a wagon (for example, something with two gigabytes of RAM or less, by current standards).

      

    I also thought about using a VPS to save the data, making it possible to use the program in other places (which can be useful). However, I would have to protect the database against attacks that would not be necessary if the database was local (if it were a local someone could steal the computer with the data, but that's another story). Is it more feasible to invest a little in leaving the data in the cloud or being safer and leaving it locally?

    Using a good authentication scheme and saving the salty password hash should be sufficient to protect all the industrial secrets of the military research done for DARPA that your company stores in Excel;)

      

    I may be getting too much of an exaggeration. It would also be possible to save the data along with the application, rather than configuring a server just for that. However, I find this somewhat wrong and unsafe, but I may be wrong.

    If you meant that you can run the application on the same machine as the bank, that's fine. If you meant to save the information in an application's own format and dismiss the bank, no, you're not wrong.

    Editing: Excel has ways to allow group work on the same worksheet. All changes are merged in real time. If you want to keep things simple, maybe this will help. But a database allows information to be better organized and queried more quickly, so I recommend that you continue to search for a database solution.

        
    28.02.2014 / 13:29
    8
  • The important thing is the physical access to the database, because in my view both SqlServer and MySql are safe from a network access point of view.

  • It depends on the confidentiality requirement of the information you will save in this system. But at first, yes, it would be safe, but to be sure, you have to have a deliberation of the importance of the information within the system.

  • Depending on the data types, you may need to leave it on Brazilian soil. I remember a teacher saying that for example Serasa uses cloud in applications but the database stays in Brazil for legal reasons.
  • You can safely save the data to the computer that will use it. You can start with GRANT accesses in the database tables. It's a path ...
  • By suggesting a base, I would suggest firebird or sqlite, sqlite has a data model a bit more flexible than firebird, that might be good or bad, but I think the .NET world is more accustomed to firebird .

        
    28.02.2014 / 13:20
    4

    As it seems to me that the company is looking for a solution that is inexpensive, and does not waste a lot of resources, perhaps an option is to use a shared .Net hosting, and create a web application instead of desktop (I know that this goes against your choice of using windows forms, but believe me, it's an immense advantage.)

    So what are the advantages:

    • People can access data from anywhere

    • Low cost, a good .Net shared-host costs $ 10

    • There are plans to back up data (even at this price)

    • Do not have to deal with the infrastructure part

    • When the company is willing, it can easily migrate to a dedicated host, or even to an internal host (i.e. intranet)

    Disadvantages of this approach:

    • You will need to use a technology you are unfamiliar with (choose ASP.NET MVC if applicable)

    • You will have to worry more about logical data security (you will need to login, and probably use HTTPS and get a trusted source certificate, which will have an initial cost)

      li>
    • The data will not be completely secure, since it is stored on a shared-host

    • Internet connection becomes a necessity

    Note: In Visual Studio you can already create an MVC application that comes with an example, with features like login and data record, just use as a template.

    On the database, I would use SQL Server myself. Shared-host plans usually provide a bank at least, which for a small application serve well.

        
    28.02.2014 / 14:07
    4

    Allow me to answer only point 2 . I will not talk about the other points because I do not have much authority in all of them. But in the server infrastructure part I have:)

    The ideal is always to dedicate the server . It is not good practice to leave users on the computer that is the server itself. The use does not match the critical server level because it contains the life of the company.

    If someone thinks it's a waste of resources, imagine the waste that would be to lose all the data. Even if you have backup to recover, the time spent is usually not worth it. In addition to you as an administrator lose credibility in the company and the company loses credibility with customers if it affects them (no matter how small the damage to the client).

        
    28.02.2014 / 13:25
    3

    You said that you save sensitive data in excel?

    For sensitive data and C # I would prefer to use MS Sql. For not so important data you can use either. "small" bases (with a small base) can use MySql which is now very robust. (IMHO a small base is less than one gigabyte and a large one has more than one terabyte).

    Your biggest insecurity is having the data in a notebook, it can break, be stolen, etc. The right thing would be to have them on a server and for security servers, nor should they have browsers or tools to read emails, regardless of RDBMS used.

    Last but not least. Aggregate value. You will gain experience in a database, will work for months, years with it.

    What do you want to learn? MySql or MS-Sql. In case of adding value to you as a professional I would choose MS-Sql.

        
    28.02.2014 / 13:19
    2

    I believe that by the language that was chosen and if the volume of data that this application will manage, use a DBMS connected to C #, the SQLServer Express itself. Now, for greater ease and reliability, I believe that Mysql is a good choice of DBMS.

        
    28.02.2014 / 14:18