0

I want to create a client-database application using Java and MySQL. As far as I know, Java can be decompiled and using MySQL directly from the client, the database credentials would be exposed.

How can I create a Java client using a MySQL server, without the user being able to figure out my database credentials?

Pixark
  • 385
  • 1
  • 4
  • 13
  • You could try storing them in an encrypted String. You could ask the user to provide user credentials... – MadProgrammer Jul 03 '13 at 08:27
  • Try [this](http://stackoverflow.com/questions/442862/how-can-i-protect-mysql-username-and-password-from-decompiling) answer – Dmitry Kuskov Jul 03 '13 at 08:27
  • If MySQL is running locally together with your application there is absolutely **no** way you can prevent access to it. –  Jul 03 '13 at 08:28

3 Answers3

1

If you are creating web applications, then you can create datasources in server configuration files. That way, your database credentials will be in the server file itself and you can just use the datasource name in java fiels.

Prasad Kharkar
  • 13,410
  • 5
  • 37
  • 56
0

You client has to know database credentials in order to connect.

You'll have to create server for your application which will have API for clients and connect to database itself. API will hide everything you need and even will be independent of RDBMS type. Refer Client-server model here

Tala
  • 8,888
  • 5
  • 34
  • 38
0

Nothing will fully save you from third parties to reverse engineer your app and grab your database credentials. Do not hardcode them into your app in any form.

I think the most adequate solution for your problem is adding some flavor of authorization.

You can add layer between your app and database (service layer like SOAP, or something like REST api) and limit permissions per user. Another option would be to use mysql's permission management.

Hope this will help.

Eugene Loy
  • 12,224
  • 8
  • 53
  • 79