0

I'm working on a new personal project and I'm creating an App made in Xamarin and I want to connect it to an Azure SQL database.

My first question: Should I create an API to handle the connection to the Database or is it enough to only use Enitity Framework with models?

My secound question: How do I secure the database password, is it safe to keep it in the appsettings.json?

Thanks!

CodeBuddyBenny
  • 195
  • 1
  • 3
  • 10
  • About connecting to Azure DB in xamarin by Azure API, you can take a look:[How to connect a Xamarin app to a SQL Azure DB](https://stackoverflow.com/questions/46015474/how-to-connect-a-xamarin-app-to-a-sql-azure-db) – Cherry Bu - MSFT Apr 27 '21 at 10:58

1 Answers1

0

Yes, you should create a REST API and expose its endpoints that your application can interact with. There're tons of reasons why you should NOT connect directly from your client application. You can review them in this answer: https://stackoverflow.com/a/13471874/12128089. In a nutshell the most 2 important are:

  • Speed: Handles connection to a remote database with limited memory, can kill your application.
  • Security: Frontend applications, in general, are vulnerable and attackers can obtain credentials of your database, and if your permissions are set up wrong, they could wipe your database.
Dylan
  • 381
  • 2
  • 5
  • 18
  • awesome thank you Dylan! I've found any reasons why it's safe to store the database password in the appsettings.json in the REST API, do you know if it is safe? – CodeBuddyBenny Apr 28 '21 at 14:17
  • I didn't see your comment notifications, however, I am going to answer if you still don't know. appsettings.json is safe as long as you keep it safe, in other words, if this file gets leaked, the attacker could know your secret keys. In my opinion, you should store your secrets in the secret vault where it's more difficult to attack. – Dylan Jul 03 '22 at 04:07