Normally I program only desktop apps, but at the moment I am trying to realise a small project as a web app.
I establish a MySQL connection in this web app, and I'm asking myself how safe it is to write:
myDatabase.Password = "myclearpassword"
or saving the password in a constant… encoding it in base64 is not very secure either…
How do you protect your DB password? Is it needed to protect it?
Would be nice to get some feedback…
Thanks & greetings from Austria
No matter how you store it, a hacker that has access to your server will always be able to get it one way or another. Whether you have it in your app as clear text or as a constant doesn't really matter. It can be reverse engineered. What's more important is how secure your server is.
Someone connecting to your app does not have access to the binary executable that is your app, so they cannot get or see the password.
Use obfuscation on your important strings. Arbed has obfuscation built into it (on sale now as part of the XJ Bundle). We also have a free utility: http://www.bkeeney.com/obfuscate/.