Collectives™ on Stack Overflow

Find centralized, trusted content and collaborate around the technologies you use most.

Learn more about Collectives

Teams

Q&A for work

Connect and share knowledge within a single location that is structured and easy to search.

Learn more about Teams

I am writing a piece of software in Java that needs to connect to an online database in order to collect some information! I want to sell this software under my company, but the problem is Oracle has licenced the JDBC driver under GPL, which, I am correct, means that I can not redistrubute the driver in any way, amongst other limitations!

The only alternative I can see is to use PostgreSQL, as the driver is licenced under BSD as far as I am aware, which means that you can basically do what every you like with it. But I have spoken with my web host, JustHost and they have basically said that they do not support PostgreSQL and have no plans to, so if I wanted to host a PostgreSQL database with them I would have to pay for a dedicated server, rather rudely may I add. They was quite honest though, and they did say it would be cheaper to transfer to another web hosting company who support PostgreSQL!

As a last resort, I could just use a simple text file to transfer the information. But my only worry here is security. Some of the information stored in the database is confidential, well, actually, the data that is most confidential it will be licence keys, and maybe emails. This is obviously for when I validate the users licence key upon first use. Maybe it's not so insecure though, I just thought it would be very easy for people to edit the file to suit there needs, etc.

I did think that some kind of php script to provide requested information from a text file that the Java would communicate with may be more secure, but again, I'm not a security expert so I don't know, especially seeing as though I am using a shared host and am not paying for 'https'!

So basically, I would like to know what you would do given my situation please. Have you experienced this dilema before? If so, what do you do? What would you recomend? etc.

@Andy - read this thread, particularly the post by Bill Karwin: stackoverflow.com/questions/2111047/… – Perception Jul 27, 2011 at 13:40 @Asad Thanks - I keep forgetting about the different 'branches' of stackexchange, I will remember it for next time! – Andy Jul 27, 2011 at 14:14 Thanks for your answer, that would have been my accepted answer I think but I think the solution I've accepted is far better. Thank you anyway – Andy Aug 27, 2013 at 20:36 Thanks! MariaDB client (JDBC) is working for me. Oddly, DatabseMetaData#getColumns("", "", tableName, "") returns no column names, but that's easily recoded using a normal query and SHOW COLUMNS . No other source code changes were needed, for my simple application. – Jeff Learman May 6, 2015 at 16:29 MariaDB jdbc is GPLv2. Do not use this in your software if you wish to keep it private/retain rights. – JMess Jul 15, 2018 at 2:09

You can sell your software, and simply list the database / driver as an installation requirement.

Include it in your documentation and job done.

The GPL doesn't mean that proprietary software can't talk to it. It's a prerequisite, not a part of your software.

Also see this similar question:

MySQL licensing and GPL

Update

Also note you can even charge your customer for you providing the service of installing the library. This allows it to form part of your bill, without the customer having to install it themselves.

@Mikavei I don't really want to have to make my users install the driver themselves; I didn't really want any installation requirements, let alone some as technical as this! Apart from the fact that I have read that MySQL told someone that even giving your customers a link to download the driver counts as redistribution and is not permitted! So thanks for replying, but I think that will become a back up plan! – Andy Jul 27, 2011 at 14:09 Read the GPL, there's a get out clause for server / private libraries. As @Perception mentions via his comment. – Michael Jul 27, 2011 at 14:22 The "giving your customer a link" is just complete rubbish. You can even charge a reasonable amount (to cover postage etc) when supplying GPL software. gnu.org/licenses/gpl-faq.html#DoesTheGPLAllowDownloadFee – Michael Jul 27, 2011 at 14:28

What about a small server app that provides webservices to transfer the data? Then only that server app would actually need the JDBC driver.

Edit: For web services look into JAX-WS (here's the java.net reference implementation ).

Using web serices you could encrypt the data using Java's built-in encryption library, transfer the encrypted date and decrypt on the client. Additionally you might transfer some hash (MD5 for example) for the data to ensure it has not been changed.

Thank you for your suggestion, it seems the most 'sensible' up to now, considering I don't really know the GPL licence enough, and although I don't doubt any of the members on here things like this are too risky to assume without a lawyer/solicitor at hand! Please elaborate on your suggestion though! I think I understand what you are getting at, something similar to my PHP script idea but written in Java. However, I would like some more info please because I have never done something like it before! Will I be able to do it on a shared host? AND will it be secure enough w/o 'HTTPS' etc. – Andy Jul 27, 2011 at 14:09 Go with HTTPS if you can. Anything less is only "secure enough" till it gets hacked, then it's too late :-) – Brian Jul 27, 2011 at 14:24 @Andy I can't tell you whether that would work on a shared host since we have our own servers, but it should as long as the host supports Java and maybe some sort of application server (which would make several things easier) - I've updated by answer to give some more hints. Regarding encryption: you could also do that in PHP since the algorithms should not be language dependent. – Thomas Jul 27, 2011 at 14:32 @Brian Unfortunately, HTTPS is a bit expensive for me at the moment; considering my business hasn't even started up yet! Are you saying that without HTTPS, if one person hacks it, it is hacked for everyone? And, is that to the extend that the server app will validate anything, or will that only happen if the hacker shares the crack, etc? AND, when you say "then it's too late", how irreversable is the hack, and what would making it secure again involve? – Andy Jul 27, 2011 at 14:38 @Thomas Please could you look at this help link from JustHost regarding Java. They say their shared host supports 'Java Script' but they only say their dedicated servers support 'Java Server Side'! Unfortunately, I think this means that I can not make such an application, am I correct? – Andy Jul 27, 2011 at 14:50

You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following:

a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,

b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,

c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.)

http://www.gnu.org/licenses/gpl-2.0.html

Sorry, I'm a complete novice when it comes to things like this so I don't really get how this is supporting my case? To me is still says that I have to provide my source code, which is something I do not want to do! Could you explain in laymans terms what this means please? – Andy Jul 27, 2011 at 14:09 Andy - you might be best going with Thomas's suggestion, to have your clients communicate with a server app, and only that talks to the DB directly. This is good not only because it avoids your legal worries, but it's actually a better architecture option and you can secure it better, less open to SQL injection etc. – Brian Jul 27, 2011 at 14:23 Thanks for the reply, I think I will look further into Thomas's suggestion. It seems as though it will be more benefical all round! – Andy Jul 27, 2011 at 14:38

Thanks for contributing an answer to Stack Overflow!

• Please be sure to answer the question . Provide details and share your research!

But avoid …

• Asking for help, clarification, or responding to other answers.
• Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers .