0

I would like to create application and distribute it to many users. My application has to communicate with mysql database. For example to valid serial number or to store/read information about certain user.

I can not store/hard-code mysql login and password in program, because it is reversible within minutes, one cracker and then he has complete access to my database.

My question is: How do companies/programmers solve this problem?

Is a good idea to make http requests and process it via PHP which will talk directly to mysql? (prevention against spammers?)

Or maybe to create a server<-->client so there is a listen daemon server, which accepts packets, which are checksummed somehow to make it harder to fake packet and this server programm will communicate with mysql.

Wiggler Jtag
  • 669
  • 8
  • 23
  • Check for encryption technologies. – πάντα ῥεῖ May 17 '14 at 08:28
  • Encryption of hard-code storing password in a code? I don't know if it is only one way to go. – Wiggler Jtag May 17 '14 at 08:30
  • There are few alternates below 1) Ask the user for a password -> In many cases, it is the user who should know the password, not the program! This is the best solution 2) Keep password in a separate file 3) Encrypt -> Your app must have Decrypt key to get the password, Libraries providing encryption algorithms like 3DES, RSA, are available for all common programming languages and platforms. 4) Hash passwords: Keep password hashed instead of in plain text. – Pankaj May 17 '14 at 08:42
  • Please, see also [here](http://stackoverflow.com/questions/1484440/saving-passwords-inside-an-application). – Shoe May 17 '14 at 08:47
  • Thanks! @Pankaj what did you mean about Ask the user for a password? U're talking about user's password, but this should go over mysql's password, which I am talking about. – Wiggler Jtag May 17 '14 at 09:00

0 Answers0