MySQL support

[ptuchik]

Sometimes it is needed to create an app which works with MySQL instances either local or remote, for those cases I suggest to rebuild PHP with pdo_mysql extension included.
I did it already on my local end and it works.

Thank you in advance

[mouradsme]

Can you share how you rebuilt PHP with PDO_MYSQL support? I need to do the same thing on my end.

[ptuchik]

You can use this to build by yourself https://github.com/crazywhalecc/static-php-cli, but I downloaded already built 8.2 from here https://dl.static-php.dev/static-php-cli/common/ which includes PDO_MYSQL, and just replaced the original 8.2 in vendor/nativephp/php-bin/bin/mac/arm64/php-8.2.zip, you can do the same for the other OS as well

[mouradsme]

You can use this to build by yourself https://github.com/crazywhalecc/static-php-cli, but I downloaded already built 8.2 from here https://dl.static-php.dev/static-php-cli/common/ which includes PDO_MYSQL, and just replaced the original 8.2 in vendor/nativephp/php-bin/bin/mac/arm64/php-8.2.zip, you can do the same for the other OS as well

Thanks for the rapid response. I tried doing what you suggested, but NativePHP still uses SQLite instead of MySQL even though I explicitly set the driver to 'mysql' in the .env file.

[simonhamp]

⚠️ If you're connecting to a remote MySQL instance, you're almost certainly exposing that remote database to attack, including data corruption and exfiltration.

There's no practical way to have a client app connect directly to a remote database server safely, except through some kind of proxy.

This is why most DB tools offer connecting over a secure SSH tunnel to the host machine first. This is the most secure option, but the setup is complex and certainly not "push-button".

Alternatively, it may be possible to use SSL, but bear in mind that the certificate files will need to be distributed with every copy of your app and won't be unique to individual users, which means if they are exposed to an attacker, now they have access to your DB too and blocking them will block everyone.

The better approach overall - and most recommended by every security expert I've ever spoken to - is to stand up a secure API service around your database, which is able to generate unique tokens (API keys) on demand for each client. These should be short-lived, limited in scope, and easily revoked.

In my experience, OAuth2 is a very good standard (but by no means the only option) that more than meets all of these requirements, allowing you to combine a long-lived client secret with user credentials to generate expiring/refreshable authorisation grants.

It's relatively easy to stand up an OAuth2 server and have your NativePHP app request tokens on behalf of your users.

The API itself should also be accessible only over HTTPS.

This is quite a complicated approach (especially if you've never done it before) and you may choose to skip some of this, especially if you trust the devices where you're app is being installed and the people using them.

But even then, I'd strongly encourage you to consider having a zero-trust approach.