How To Connect to a MySQL Database with Higher Security?

  • How To Connect to a MySQL Database with Higher Security?

    Friends, I need to connect to a MySQL database, but it is a risk...
    Because there are some decompilers for AMS, the variables containing the database username and password are stored in memory and accessible, and ... many other problems.

    Please help me to increase the security of this connection, execution, and other actions.

    Thanks all.

  • #2
    Usernames and passwords should not be stored inside the program. If your program needs to communicate with a database, then you should provide a safe interface to the database. The first point is that the account used to connect to the database should not have more rights than absolutely necessary. If you use an ODBC connection, then this would mean that the user account shouldn't be able to perform commands like DROP, DELETE, TRUNCATE, etc. on the database. Better yet would be using a tunnel for communicating with the database, which would isolate the connection parameters and the database from the application. Use something like a PHP or ASP interface to send requests to from the application; the server-side script parses the request, checks if it is safe/allowed, executes the query and returns the result to the calling process, for example formatted as XML.

    Your application and database should be safe even if somebody gets the source code of the application.

    Ulrich
    Last edited by Ulrich; 05-30-2015, 10:28 PM.

    • #3
      Thanks a lot for your reply.
      I decided to use PHP to connect and execute my queries.
      But there is a problem!

      If anyone gets access to my code, they can find all the addresses of the PHP files on my server, connect, and execute any query he/she wants.
      I want to use a unique ID such as a token, but I don't know how to generate it, spend it, transfer it to my program, use it, and expire it.



      Please help me,
      Thanks.
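
Added example, not part of the original thread and not written by any poster: one way to build the server-side PHP interface described in #2 together with the expiring token asked about in #3. The key, action name, table and data are constructed, the login step that precedes token issuance is assumed, and in-memory SQLite stands in for MySQL so the script runs offline.

```php
<?php
const TOKEN_KEY = 'placeholder-random-key-kept-on-server'; // constructed; never shipped in the client
// Allowlist: the client sends an action name; the SQL text exists only on the server.
const ACTIONS = ['get_score' => [
    'sql'    => 'SELECT name, score FROM scores WHERE name = :name',
    'params' => ['name' => '/^[A-Za-z0-9_]{1,32}$/']]];
// Issued by the server after it has authenticated the user (login step not shown).
function issue_token(string $user, int $ttl, int $now): string {
    $body = $user . '|' . ($now + $ttl);
    return base64_encode($body) . '.' . hash_hmac('sha256', $body, TOKEN_KEY);
}
// Returns the user name for an authentic, unexpired token, otherwise null.
function check_token(string $token, int $now): ?string {
    $parts = explode('.', $token);
    $body = count($parts) === 2 ? base64_decode($parts[0], true) : false;
    if ($body === false) return null;
    if (!hash_equals(hash_hmac('sha256', $body, TOKEN_KEY), $parts[1])) return null;
    $f = explode('|', $body);
    return (count($f) === 2 && (int)$f[1] > $now) ? $f[0] : null;
}
function deny(string $why): string { return "<response><error>$why</error></response>\n"; }
// One request: token check, allowlist lookup, parameter validation, prepared query.
function handle(PDO $db, array $req, int $now): string {
    $token = $req['token'] ?? ''; $name = $req['action'] ?? '';
    if (!is_string($token) || !is_string($name)) return deny('denied');
    $action = ACTIONS[$name] ?? null;
    if ($action === null || check_token($token, $now) === null) return deny('denied');
    $bind = [];
    foreach ($action['params'] as $p => $pattern) {
        $v = $req[$p] ?? '';
        if (!is_string($v) || !preg_match($pattern, $v)) return deny('bad parameter');
        $bind[":$p"] = $v;
    }
    $stmt = $db->prepare($action['sql']);
    $stmt->execute($bind);
    $xml = new SimpleXMLElement('<response/>');
    foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $row) {
        $r = $xml->addChild('row');
        foreach ($row as $c => $val) $r->addChild($c, htmlspecialchars((string)$val, ENT_XML1));
    }
    return $xml->asXML();
}
// Demo with constructed data; in-memory SQLite stands in for MySQL.
$db = new PDO('sqlite::memory:');
$db->exec("CREATE TABLE scores (name TEXT, score INTEGER); INSERT INTO scores VALUES ('alice', 42)");
$now = time(); $tok = issue_token('alice', 300, $now);
echo handle($db, ['token' => $tok, 'action' => 'get_score', 'name' => 'alice'], $now);
echo handle($db, ['token' => $tok, 'action' => 'DROP TABLE scores'], $now);                  // denied
echo handle($db, ['token' => $tok, 'action' => 'get_score', 'name' => 'alice'], $now + 300); // denied
```

Because the gateway runs only allowlisted statements with bound parameters, knowing the address of the PHP file does not let a caller execute arbitrary SQL, and the database account it uses can be limited to the rights those statements need.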
