How to create a client desktop application for database access without exposing security information?

0

I had already made a web application with access to a MySQL database via PHP and know that the configuration files for access to the database are on the server side, with only the necessary data being returned to the user's browser, i.e., the user does not have access to such data.

If I make a client desktop application for remote database access, is it possible for someone to reverse engineer it to grab the database password via "connectionString"? If so, how should I proceed?

  • 1

    I believe that it is not possible, unless there is a breach of admin panels, or queries that it should not have (but as I said: 'I believe', I am not certain).

  • Thanks. I googled on the subject, but I did not find anything very clear. Thanks ;)

  • 1

    In principle, just do not put the password in the software, and give the correct permissions to the correct users. Thus, they will enter the password when logging into the system, and if they access the DB directly they will only be able to do what the software would already allow. An intermediate solution (more to scare off the "curious") is to hash the user's password and merge it with the DB password, so the original DB password will depend on the user entering the correct password. In both cases, never store the password hardcoded in the software.

  • Thank you very much, @Bacco

1 answer

-1


Do not connect the client application directly to the database service, because if there are user names and passwords in your application code, your database will be at risk.

I will give some suggestions so that, according to the architecture of your system, you can assess whether they solve your situation.

1- Queries and submissions (requests and replies) can be done via a web service, exchanging data in JSON or XML format, for example. When authenticating the user, I suggest assigning them a token, which can be sent with each query while the session is active, serving as an access key. Suggestions for creating your web services: Yii2 (PHP) and Django (Python).

2- Firebase can be an interesting solution, because it has a database in real time, where it is possible to configure write and read permissions by nodes. Spoiler: The documentation is vast and there are many features for authentication.

  • That’s what I wanted to know, George Tavares! Thank you!
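The first suggestion in the answer above (a web service that authenticates the user and issues a token) is sketched here as an added example; it is not code from the original answer. It assumes an in-memory SQLite database standing in for the MySQL server, PBKDF2 password hashes and an HMAC-signed token; all function names, users and rows are constructed for illustration. The desktop client would only ever hold the token, never a database credential.

```python
import base64, hashlib, hmac, json, secrets, sqlite3, time

SERVER_SECRET = secrets.token_bytes(32)  # token signing key, exists only on the server
TOKEN_TTL = 900                          # seconds a session token stays valid

# Constructed sample store; the client never connects to it directly.
db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
db.execute("CREATE TABLE orders (owner TEXT, item TEXT)")

def hash_pw(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def add_user(name, password):
    salt = secrets.token_bytes(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?)", (name, salt, hash_pw(password, salt)))

def login(name, password, now=None):
    """Check the user's own password; return a signed session token or None."""
    row = db.execute("SELECT salt, pw_hash FROM users WHERE name = ?", (name,)).fetchone()
    if row is None or not hmac.compare_digest(row[1], hash_pw(password, row[0])):
        return None
    exp = (time.time() if now is None else now) + TOKEN_TTL
    body = base64.urlsafe_b64encode(json.dumps({"sub": name, "exp": exp}).encode())
    return body.decode() + "." + hmac.new(SERVER_SECRET, body, hashlib.sha256).hexdigest()

def verify(token, now=None):
    """Return the user name for an authentic, unexpired token, else None."""
    try:
        body, sig = token.split(".")
        expected = hmac.new(SERVER_SECRET, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(sig, expected):
            return None
        claims = json.loads(base64.urlsafe_b64decode(body))
    except (ValueError, TypeError, AttributeError):
        return None
    now = time.time() if now is None else now
    return claims["sub"] if claims["exp"] > now else None

def list_orders(token, now=None):
    """The only query a client can trigger: its own rows, parameterized."""
    user = verify(token, now)
    if user is None:
        raise PermissionError("invalid or expired token")
    return [r[0] for r in db.execute("SELECT item FROM orders WHERE owner = ?", (user,))]

add_user("alice", "correct horse")
add_user("bob", "hunter2")
db.executemany("INSERT INTO orders VALUES (?, ?)", [("alice", "keyboard"), ("bob", "monitor")])
```

Reverse engineering the desktop binary in this layout yields at most the service URL; a stolen token expires after `TOKEN_TTL` and is limited to the operations the service exposes.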
