Security MYSQL Android

Asked

Viewed 115 times

2

I’m doing a login system. But I’m in doubt:

I connect to the database through PHP? I mean I would just open the link and the Server would execute the procedure?

or do it directly from the app via the Nector ? If I go through the app, won’t the user be able to see the Server login, password ? Thank you !

2 answers

1

The correct is to do it by PHP (web service), so the application has no knowledge of the credentials used to access the database, and this portion of the code is isolated in the web service. In addition the connection to the bank will become more stable (cellular connections tend to be less stable).

1


It is extremely not recommended to use "connectors" of banks in android to external databases, because you would expose the data of your server in the android application(.apk), can be decompiled and the data be accessed.

I recommend you do as @Piovezan commented, use Webservices!

I will list some perks:

1 - More security guard and stability.(Server security data will not be exposed in the code)

2 - Abstraction of server security logic (You will make a request and the server will handle).

3 - The Logic of the webservice may be shared with other services that need these of your database data(Any application may contact the service and have access to your data)

Some tutorials that can help you:

http://www.androidhive.info/2014/01/how-to-create-rest-api-for-android-app-using-php-slim-and-mysql-day-12-2/

http://www.androidhive.info/2012/05/how-to-connect-android-with-php-mysql/

http://www.restapitutorial.com/

Good luck!

  • Thank you ! I will follow your tips!

Browser other questions tagged

You are not signed in. Login or sign up in order to post.