Keeping connection strings secure
-
This is a somewhat wide subject, so the QnA was inappropriate. I am working on some games and apps, and they need to talk to some MySQL servers and/or Azure resources, and so I need some connection strings. Usually I've made internal tools, where having the connection strings in code or in a XML or Json -file, was unproblematic. Now I'm having the issue that APK's are basically Zip-files, and .net executables are de-compilable. My first solution is to setup an intermediary web service to keep the connection strings unavailable from the app. But I can't help but think that I'm missing something here. Also, an extra middle-man webserver, increase the possible bottle-necks and failure points What are this community's thoughts on the subject? Thanks for your time!
-
This is a somewhat wide subject, so the QnA was inappropriate. I am working on some games and apps, and they need to talk to some MySQL servers and/or Azure resources, and so I need some connection strings. Usually I've made internal tools, where having the connection strings in code or in a XML or Json -file, was unproblematic. Now I'm having the issue that APK's are basically Zip-files, and .net executables are de-compilable. My first solution is to setup an intermediary web service to keep the connection strings unavailable from the app. But I can't help but think that I'm missing something here. Also, an extra middle-man webserver, increase the possible bottle-necks and failure points What are this community's thoughts on the subject? Thanks for your time!
-
This is a somewhat wide subject, so the QnA was inappropriate. I am working on some games and apps, and they need to talk to some MySQL servers and/or Azure resources, and so I need some connection strings. Usually I've made internal tools, where having the connection strings in code or in a XML or Json -file, was unproblematic. Now I'm having the issue that APK's are basically Zip-files, and .net executables are de-compilable. My first solution is to setup an intermediary web service to keep the connection strings unavailable from the app. But I can't help but think that I'm missing something here. Also, an extra middle-man webserver, increase the possible bottle-necks and failure points What are this community's thoughts on the subject? Thanks for your time!
Frank R. Haugen wrote:
Now I'm having the issue that APK's are basically Zip-files, and .net executables are de-compilable.
Does not seem an issue for Rimworld.
Frank R. Haugen wrote:
What are this community's thoughts on the subject?
If you can't afford the user in the database, don't give away the connectionstring. Simple as that. Third parties can't keep secrets on a computer that isn't theirs. Who is going to be the "owner" of the data? You, or the user? Is the user going to be allowed to make changes? If no, simply give them a connection-string that's hooked to a user with limited (read) access.
Bastard Programmer from Hell :suss: If you can't read my code, try converting it here[^] "If you just follow the bacon Eddy, wherever it leads you, then you won't have to think about politics." -- Some Bell.