Php vs Python gui (tkinter...) for small remote database app


Pascal B

Jun 14, 2021, 3:57:04 PM
Hi,
I would like to know if for a small app for instance that requires a connection to a remote server database if php is more suitable than Python mainly regarding security.
Php requires one port for http and one port for the connection to the database open. If using Python with a tkinter gui, I understand a small app can connect to a database so only one port to the database would need to be accessed/open listening to connection. So I would need to worry less about security if using Python over Php for something small, like a small python app that I give over to users.

Am I missing something in this assertion?

Paul Rubin

Jun 14, 2021, 4:04:37 PM
Pascal B <bar...@yahoo.com> writes:
> Am I missing something in this assertion?

You have to worry either way, and you might consider a VPN to help
mitigate the remote connection issues. A simple web UI might also be
easier to manage than a tkinter gui, in the sense that you could update
the app on the server side instead of having to update the tkinter app
for each of your users.

dn

Jun 14, 2021, 4:40:23 PM
> Am I missing something in this assertion?

Yes - or maybe I'm missing the point of your question?

There are two connections to consider: the database and the GUI.


Database:

In each case, the programming-language must make a connection to the
Database Management System. The API, the manner for doing-so may vary
slightly between DBMS-es, but will not particularly between languages.
Thus, if we talk about MySQL/MariaDB, the data which must be exchanged
between language and DBMS is identical (even if the code, and appearance
of the 'variables' differs).

As far as security goes, the different DBMS-publishers have decided, in
their wisdom, to select different IP-ports for communication with their
products (see
https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers). Please
refer to (their, cf Python's) specific documentation to ascertain
security and encryption options.


GUI:

There's a bit of 'chalk and cheese' in this question. PHP is built
around HTML. HTML requires an HTTP server (ignoring the interpreter
built-in to a web-browser). Thus, PHP or Python (likely Python plus
Flask or some other framework) will need to connect to
httpd/Apache/NGINX/etc, in similar fashion to the above. In this case,
the choice of IP-port is more standard - 80 for http and 443 for https.

Whereas tkinter is a module which can be import-ed into a Python
program(me). There is no separate server. Thus no need for an
IP-connection between application and front-end.


The (Internet-connected) world runs on TLS. If you wish to
secure/encrypt communications between application and server, this is
accepted by most. If you wish to 'secure' by reducing inter-connections,
then using tkinter and its tight-linkage to Python removes the need for
the (http) web-server.
--
Regards,
=dn

Tomasz Rola

Jun 15, 2021, 11:25:29 AM
On Tue, Jun 15, 2021 at 08:39:51AM +1200, dn via Python-list wrote:
> On 15/06/2021 07.17, Pascal B via Python-list wrote:
> > Hi,
> > I would like to know if for a small app for instance that requires a connection to a remote server database if php is more suitable than Python mainly regarding security.
> > Php requires one port for http and one port for the connection to the database open. If using Python with a tkinter gui, I understand a small app can connect to a database so only one port to the database would need to be accessed/open listening to connection. So I would need to worry less about security if using Python over Php for something small, like a small python app that I give over to users.
> >
> > Am I missing something in this assertion?
>
> Yes - or maybe I'm missing the point of your question?
>
> There are two connections to consider: the database and the GUI.
>
>
> Database:
>
[...]
>
>
> GUI:
>
[...]
> The (Internet-connected) world runs on TLS. If you wish to
> secure/encrypt communications between application and server, this is
> accepted by most. If you wish to 'secure' by reducing inter-connections,
> then using tkinter and its tight-linkage to Python removes the need for
> the (http) web-server.

I would rather go with https-based "app", but not necessarily in PHP,
if security is to be considered (albeit I am not sure if Python
framework would do better).

Nowadays, there should be a firewall and server sitting behind it
(this is simple description, let us not put load balancing, many
servers etc into the mix, or if firewall really helps). So, in case of
http(s), there should be more tutorials and hints about doing this
well. Browser would do the gui side, http server will talk to the
database and to the world, but database itself is secured (hopefully)
from outside access. I suspect it is easier to secure web server than
db from various kind of 'kacks'. If you go with well rounded Python
framework, you can count on its authors carefully thinking about
various threats to apps written in it. Sorry, I cannot give any hints
- see, I rather detest browser based apps, so this advice goes
against my own liking but one should be objective when giving
advices...

If you are truly new to this all, I suggest CGI, especially if you
want to do some proof of concept prototype, quickly. CGI is quite easy
to understand and as long as you are working out communications
between your code and DB, I think it simplifies the job a lot. Later
on, choose your framework and do the gui.

If you go with tkinter, then you will have to do the job already done
by authors of web server and web framework, you will have to rethink
various problems they gave their thoughts to, but in much shorter time
and on your own.

--
Regards,
Tomasz Rola

--
** A C programmer asked whether computer had Buddha's nature. **
** As the answer, master did "rm -rif" on the programmer's home **
** directory. And then the C programmer became enlightened... **
** **
** Tomasz Rola mailto:tomas...@bigfoot.com **

Menno Holscher

Jun 15, 2021, 12:21:41 PM
On 14-06-2021 at 21:17, Pascal B via Python-list wrote:
> Hi,
> I would like to know if for a small app for instance that requires a connection to a remote server database if php is more suitable than Python mainly regarding security.
> Php requires one port for http and one port for the connection to the database open. If using Python with a tkinter gui, I understand a small app can connect to a database so only one port to the database would need to be accessed/open listening to connection. So I would need to worry less about security if using Python over Php for something small, like a small python app that I give over to users.
>
> Am I missing something in this assertion?
>
There is no difference regarding security concerns.

In the case of a PHP (or any web app for that matter) you indeed have to
worry about the security of the connection to the browser. But, e.g. the
access to the database is only in one place, on the server. If you use a
Tkinter application, each user will have the access to the database at
his/her own machine, causing other worries than connection security. The
attack vector may be different, but the worries are no less or more in
one of the solutions.

First investigate what you need to be afraid of/worried about, do not
make a decision on a simple criterion like the number of connections.

--
Met vriendelijke groet / Kind regards

Menno Hölscher
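
The contrast drawn above between database access held in one place on the server and database access on every user's machine, as an added example that is not part of the original post. An in-memory SQLite database stands in for the remote DBMS; the table, the token values and all function names are hypothetical.

```python
import hashlib
import hmac
import sqlite3


def make_db():
    """Constructed sample data; SQLite in memory stands in for the remote DBMS."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, owner TEXT, item TEXT)")
    db.executemany(
        "INSERT INTO orders (owner, item) VALUES (?, ?)",
        [("alice", "keyboard"), ("bob", "monitor"), ("alice", "mouse")],
    )
    return db


# Server-side only: per-user API tokens kept as SHA-256 digests (constructed values).
TOKENS = {
    hashlib.sha256(b"alice-token").hexdigest(): "alice",
    hashlib.sha256(b"bob-token").hexdigest(): "bob",
}


def authenticate(token):
    """Map a presented token to a user name, or None if it matches nothing."""
    digest = hashlib.sha256(token.encode()).hexdigest()
    for known, user in TOKENS.items():
        if hmac.compare_digest(digest, known):  # constant-time comparison
            return user
    return None


def list_orders(db, token):
    """Web-tier model: the client never sees DB credentials and can only
    trigger this fixed, parameterized query, scoped to its own rows."""
    user = authenticate(token)
    if user is None:
        raise PermissionError("invalid token")
    rows = db.execute(
        "SELECT id, item FROM orders WHERE owner = ? ORDER BY id", (user,)
    )
    return rows.fetchall()


def direct_client_view(db):
    """Thick-client model: a shared DB login shipped with the app lets the
    holder run any statement the account permits, across all users' rows."""
    return db.execute("SELECT owner, item FROM orders ORDER BY id").fetchall()
```

In the thick-client model the same scoping has to come from per-user DBMS accounts and grants, because nothing on the user's machine can be trusted to enforce it.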


Grant Edwards

Jun 15, 2021, 1:20:57 PM
On 2021-06-15, Menno Holscher <mennoh...@gmail.com> wrote:

> There is no difference regarding security concerns.

I find that hard to believe given the long list of CVEs I've just had
to sort through for even fairly recent versions of PHP. I just can't
believe that Python has anywhere close to that many security issues.

--
Grant Edwards, grant.b.edwards at gmail.com
Yow! I'd like some JUNK FOOD ... and then I want to be ALONE --

Menno Holscher

Jun 15, 2021, 7:52:13 PM
On 15-06-2021 at 19:14, Grant Edwards wrote:
> On 2021-06-15, Menno Holscher <mennoh...@gmail.com> wrote:
>
>> There is no difference regarding security concerns.
>
> I find that hard to believe given the long list of CVEs I've just had
> to sort through for even fairly recent versions of PHP. I just can't
> believe that Python has anywhere close to that many security issues.
>
An excellent example. The "concerns" here are "Is this platform safe?"
and "Does the supplier/community react promptly to security problems?".
In case of PHP indeed the safety of the platform is a worry, however,
apparently if there is a problem, action is taken.

How does the Tkinter/TCL/TK software or the PyQt/Qt do in that respect?
Just looking at the number of CVEs, is that enough? What if one of these
stacks has few, but long outstanding security problems? Would that be
better or worse than the situation for PHP?

As an aside, I do not know the amount of CVEs PHP nor Python is
receiving. When I search the NIST CVE database for the word Python I get
43 hits for the last 3 months. None of those are against the language or
the CPython interpreter and only 1 against a Standard Library package or
module (urllib3). A lot of the others are for web frameworks and
extensions for those, as well as Tensorflow. So as you argue, it seems
Python does really well as a secure development platform.