0

I'm new to Android. I'm developing and Android app which contains some database calls. I'm sending DB_USERNAME, DB_PASSWORD as parameters in POST request to PHP and then get MYSQL Database connection using PHP.

Is it good to pass Database User Name and Password as Parameters ?

or

Should we give Database User Name and Password in PHP ?

Thanks in advance.

Nimmagadda Gowtham
  • 270
  • 4
  • 19
  • I wouldn't send the DB username, password as parameters. Have them in the PHP. – chris85 Jul 22 '16 at 19:21
  • Will be there any Security Issue, if we have DB User Name and Password in PHP File ? – Nimmagadda Gowtham Jul 22 '16 at 19:24
  • You can store the credentials in a file not web accessible, then include that file in your PHP project. Without the include you could potentially expose the username/password if the PHP is served as plain text for some reason. http://stackoverflow.com/questions/97984/how-to-secure-database-passwords-in-php – chris85 Jul 22 '16 at 19:32

1 Answers1

0

By asking this kind of question i highly recommend you to first read into the basics of web-security!! :)

Sending credential´s over the web to your server for it to access a database is an absolut no-go.

  • Your webserver stores the credential´s in a seperate file which is not accessible through the web. You can do that by having the credential-file outside of the document-root of your webserver.
  • Furthermore: Your DB-Server should only accept communication from trusted IP`s. If youre web-app instance and DB-instance are on the same server, only accept from localhost.

You probably want to authenticate youre app-clients for limiting the accessibility of your database calls. Commonly you send the clients credentials once, which the server validates and responds with an auth-token. For any further communication the token is used, which invalidates after defined period of time. (Token-Based Authentication)

The idea is to minimize the exposed time frame of the credential`s. Even if you use SSL encryption for.

Best of luck Hannes

Hannes
  • 311
  • 3
  • 9