
I use a jTDS jar to connect my Android application to a DB (SQL Server). The problem is that the (databaseName, user, password) are in a class in my project:

ConnURL = "jdbc:jtds:sqlserver://" + **** + ";"
                + "databaseName=" +***** + ";user=" + **** + ";password=****"

Is there a solution to hide my (databaseName, user, password)?

If someone decompiles my app, they will have access to the DB. How can I avoid this big problem?

Mc Sousi
  • Why don't you use an API for it, so you can modify it from the server? If you distribute your apps, how will you control your app's behaviour? – Iqbal Rizky Feb 20 '17 at 22:45
  • Have a look at this [SO Q/A](http://stackoverflow.com/questions/19217835/can-an-android-app-connect-directly-to-an-online-mysql-database) – boxed__l Feb 20 '17 at 22:47

1 Answer


If the app will act as a client-side application:

A better approach would be not to let the application communicate directly with the DB.

Instead, have a server running as a web-service to act as an in-between layer between the application and the DB. This way, only the server has access to the data in the DB, and the applications can only interact with the APIs defined by your server, which can guard against things such as malicious SQL statements.

If the app is a server-side app:

It is a good idea to avoid hardcoding DB information into your application (because changing the app would require an app recompile).

To avoid encoding DB information directly in your application code, you could store DB information in an external .properties file, such as:

db.server=myserver.com
db.name=myDB
db.user=user1
db.pass=pass1

Then you could distribute your application and properties file separately, or encrypt the properties file.

Then load the properties file at runtime:

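import java.io.FileInputStream;
import java.io.InputStream;
import java.util.Properties;

Properties dbProps = new Properties();
// Read the external properties file; try-with-resources closes the stream
try (InputStream is = new FileInputStream("database.properties")) {
    dbProps.load(is);
}

// Build the jTDS connection URL from the loaded values
String connURL = "jdbc:jtds:sqlserver://" +
          dbProps.getProperty("db.server") +
          ";databaseName=" + dbProps.getProperty("db.name") +
          ";user=" + dbProps.getProperty("db.user") +
          ";password=" + dbProps.getProperty("db.pass");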
Andy Guibert
  • Could you please explain what you mean by server-side Android app? Aren't all Android applications client-side? – boxed__l Feb 21 '17 at 18:48
  • You are correct -- all Android apps are client-side. From your original question it was not clear whether or not this code would be running in an Android app, or in a server-side app that an Android app was communicating with. – Andy Guibert Feb 21 '17 at 19:41
  • Hey, I didn't write the question!! – boxed__l Feb 21 '17 at 19:56
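
The in-between layer the answer describes, as an added example that is not part of the original answer: a server-side endpoint built on the JDK's HTTP server that holds the DB credentials itself and exposes one fixed, parameterized query. The `/orders` path, port 8080, the `orders` table and its columns, and the `DB_URL`/`DB_USER`/`DB_PASS` environment variables are assumptions; a JDBC driver such as jTDS must be on the server's classpath.

```java
import com.sun.net.httpserver.HttpExchange;
import com.sun.net.httpserver.HttpServer;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.nio.charset.StandardCharsets;
import java.sql.*;

// Added example: hypothetical read-only endpoint GET /orders?id=<n>.
// Table/column names and the DB_* environment variables are assumptions.
public class OrderApi {
    public static void main(String[] args) throws IOException {
        HttpServer server = HttpServer.create(new InetSocketAddress(8080), 0);
        server.createContext("/orders", OrderApi::handle);
        server.start();
    }

    static void handle(HttpExchange ex) throws IOException {
        String q = ex.getRequestURI().getQuery();             // e.g. "id=42"
        // Accept only a short numeric id; anything else is rejected before SQL runs.
        if (!"GET".equals(ex.getRequestMethod()) || q == null || !q.matches("id=\\d{1,9}")) {
            reply(ex, 400, "bad request");
            return;
        }
        int id = Integer.parseInt(q.substring(3));
        // Credentials come from the server's environment and are never shipped in the APK.
        try (Connection c = DriverManager.getConnection(System.getenv("DB_URL"),
                 System.getenv("DB_USER"), System.getenv("DB_PASS"));
             PreparedStatement ps = c.prepareStatement(
                 "SELECT status FROM orders WHERE id = ?")) {  // fixed SQL, bound parameter
            ps.setInt(1, id);
            try (ResultSet rs = ps.executeQuery()) {
                if (rs.next()) reply(ex, 200, String.valueOf(rs.getString("status")));
                else reply(ex, 404, "not found");
            }
        } catch (SQLException e) {
            reply(ex, 500, "server error");                   // no driver or SQL details to the client
        }
    }

    static void reply(HttpExchange ex, int code, String body) throws IOException {
        byte[] b = body.getBytes(StandardCharsets.UTF_8);
        ex.sendResponseHeaders(code, b.length);
        ex.getResponseBody().write(b);
        ex.close();
    }
}
```

The Android app calls this endpoint over HTTPS instead of opening a JDBC connection, so decompiling the APK yields a URL rather than a database login. The endpoint still needs its own caller authentication, using per-user credentials rather than a secret embedded in the app.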