I’d like to ask is making connection to mysql in code of client-side application (desktop application) is proper? Isn’t it unsafe (disassembling of app / sniffing to get database password) ? I am writing in C++.
Share
Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I’d like to ask is making connection to mysql in code of client-side application (desktop application) is proper? Isn’t it unsafe (disassembling of app / sniffing to get database password) ? I am writing in C++.
If the security of your data is important, then you’re correct — you cannot safely embed the password inside your client. Your best bet is that each user have their own password and they must provide it to the client in order to access your database, and your database will have user level permissions.
If user level permissions are not an option for you, then you should consider removing direct access to the database completely. Instead, provide web access to deliver JSON or XML (for example); this simplifies your client app and also allows you to enforce strict security rules at the web app level.