Php vs Python gui (tkinter...) for small remote database app

Tomasz Rola rtomek at ceti.pl
Tue Jun 15 11:16:04 EDT 2021


On Tue, Jun 15, 2021 at 08:39:51AM +1200, dn via Python-list wrote:
> On 15/06/2021 07.17, Pascal B via Python-list wrote:
> > Hi,
> > I would like to know if for a small app for instance that requires a connection to a remote server database if php is more suitable than Python mainly regarding security.
> > Php requires one port for http and one port for the connection to the database open. If using Python with a tkinter gui, I understand a small app can connect to a database so only one port to the database would need to be accessed/open listening to connection. So I would need to worry less about security if using Python over Php for something small, like a small python app that I give over to users.
> > 
> > Am I missing something in this assertion?
> 
> Yes - or maybe I'm missing the point of your question?
> 
> There are two connections to consider: the database and the GUI.
> 
> 
> Database:
> 
[...]
> 
> 
> GUI:
> 
[...]
> The (Internet-connected) world runs on TLS. If you wish to
> secure/encrypt communications between application and server, this is
> accepted by most. If you wish to 'secure' by reducing inter-connections,
> then using tkinter and its tight-linkage to Python removes the need for
> the (http) web-server.

I would rather go with an https-based "app", but not necessarily in PHP,
if security is to be considered (albeit I am not sure if a Python
framework would do better).

Nowadays, there should be a firewall and server sitting behind it
(this is simple description, let us not put load balancing, many
servers etc into the mix, or if firewall really helps). So, in case of
http(s), there should be more tutorials and hints about doing this
well. Browser would do the gui side, http server will talk to the
database and to the world, but database itself is secured (hopefully)
from outside access. I suspect it is easier to secure a web server than
a db from various kinds of 'kacks'. If you go with a well-rounded Python
framework, you can count on its authors carefully thinking about
various threats to apps written in it. Sorry, I cannot give any hints
- see, I rather detest browser-based apps, so this advice goes
against my own liking but one should be objective when giving
advice...

If you are truly new to this all, I suggest CGI, especially if you
want to do some proof of concept prototype, quickly. CGI is quite easy
to understand and as long as you are working out communications
between your code and DB, I think it simplifies the job a lot. Later
on, choose your framework and do the gui.

If you go with tkinter, then you will have to do the job already done
by authors of web server and web framework, you will have to rethink
various problems they gave their thoughts to, but in much shorter time
and on your own.

-- 
Regards,
Tomasz Rola

--
** A C programmer asked whether computer had Buddha's nature.      **
** As the answer, master did "rm -rif" on the programmer's home    **
** directory. And then the C programmer became enlightened...      **
**                                                                 **
** Tomasz Rola          mailto:tomasz_rola at bigfoot.com             **
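
The CGI prototype suggested in the message above, sketched as an added example (not code from the thread): the browser is the GUI, and one server-side script is the only component that talks to the database. An in-memory sqlite3 database stands in for the remote one; the `customers` table and the `name` query parameter are assumptions.

```python
#!/usr/bin/env python3
# Added example: CGI-style prototype. sqlite3 in memory stands in for the
# remote database; table, column and parameter names are assumptions.
import html
import os
import sqlite3
import sys
from urllib.parse import parse_qs


def open_db():
    # Constructed sample data. In the layout described above, only this
    # server-side script would hold database credentials.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO customers (name) VALUES (?)",
                   [("Alice",), ("Bob <b>",), ("Carol",)])
    return db


def handle(environ, db):
    """Return (status, body) for one CGI request described by environ."""
    if environ.get("REQUEST_METHOD", "GET") != "GET":
        return "405 Method Not Allowed", "<p>GET only</p>"
    # The web server passes the URL query to a CGI script in QUERY_STRING.
    query = parse_qs(environ.get("QUERY_STRING", ""), max_num_fields=5)
    name = query.get("name", [""])[0]
    if not name or len(name) > 64:
        return "400 Bad Request", "<p>missing or oversized 'name'</p>"
    # Bound parameter: user input is never spliced into the SQL text.
    rows = db.execute("SELECT id, name FROM customers WHERE name = ?",
                      (name,)).fetchall()
    # Escape database values before they reach the browser.
    items = "".join(f"<li>{r[0]}: {html.escape(r[1])}</li>" for r in rows)
    return "200 OK", f"<ul>{items}</ul>"


def main():
    status, body = handle(os.environ, open_db())
    # CGI response: headers, a blank line, then the body.
    sys.stdout.write(f"Status: {status}\r\n"
                     "Content-Type: text/html; charset=utf-8\r\n\r\n"
                     f"{body}\n")


if __name__ == "__main__":
    main()
```
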