Message Board > Programming > Database access from applications

January 7, 2006, 23:02
PEader
お前はもう死んでいる
1486 posts

How does one store a password to the database in an executable without compromising system integrity?

I was going to do some Java and use a DB connection in the class, but Java can be so easily decompiled by anyone that I'm at a loss as to how it can be done without giving the world your password.

Does anyone know how?
____________
I see 57,005 people.
#
January 7, 2006, 23:12
Fiona
games are terrible
-9616558 posts

Encrypting your password inside the code?
____________
laffo
#
January 7, 2006, 23:13
Frimkron
Frustrated Megalomaniac
703 posts

I'm told the answer is that basically your password isn't going to be secure at all, so if you have to create an executable that connects to a remote database, you should make sure it only logs in with the permissions it really needs. Apparently MySQL has millions of different permissions you can set.

OR
Go through a server program that does the database update for you.

[Edited on January 7, 2006 by Frimkron]
____________
#
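Added example, not part of the thread and not any poster's code: a minimal sketch of the "server program" approach, where the client sends a named operation and the server, which alone holds the database credential, runs a fixed parameterized statement. The operation names, tables and the `Broker` class are hypothetical, and `sqlite3` stands in for the MySQL server so the block runs offline.

```python
import sqlite3

# Allow-list of operations; clients send an operation name, never SQL.
# Operation names, tables and columns here are hypothetical.
OPERATIONS = {
    "get_score": ("SELECT name, score FROM scores WHERE name = ?", 1),
    "add_score": ("INSERT INTO scores (name, score) VALUES (?, ?)", 2),
}

class Broker:
    """Server-side component: the only place a DB credential exists."""

    def __init__(self, conn):
        # With MySQL, conn would be opened on the server using a password
        # that is never shipped inside the client executable.
        self._conn = conn

    def handle(self, request):
        name = request.get("op")
        op = OPERATIONS.get(name) if isinstance(name, str) else None
        if op is None:
            return {"ok": False, "error": "unknown operation"}
        sql, nparams = op
        params = request.get("params")
        if not isinstance(params, list) or len(params) != nparams:
            return {"ok": False, "error": "bad parameters"}
        if not all(isinstance(p, (str, int)) for p in params):
            return {"ok": False, "error": "bad parameters"}
        with self._conn:  # commit on success, roll back on error
            rows = self._conn.execute(sql, params).fetchall()
        return {"ok": True, "rows": [list(r) for r in rows]}

def demo_broker():
    """Constructed sample database; sqlite3 stands in for the real server."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE scores (name TEXT, score INTEGER)")
    conn.execute("CREATE TABLE accounts (name TEXT, secret TEXT)")
    conn.execute("INSERT INTO accounts VALUES ('admin', 'constructed')")
    return Broker(conn)

if __name__ == "__main__":
    broker = demo_broker()
    for req in ({"op": "add_score", "params": ["alice", 42]},
                {"op": "get_score", "params": ["alice"]},
                {"op": "SELECT * FROM accounts", "params": []}):
        print(req, "->", broker.handle(req))
```

In a deployment the requests would arrive over a network endpoint that authenticates each user to the broker; the client binary then contains no database password, and a decompiled client can only invoke the listed operations.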
January 8, 2006, 01:01
PB
Defender of the faith
630 posts

I guess Ferret's idea is not so bad, or you could store the password in an encrypted file and read that in code or something.
There is also software that can make Java code almost unreadable; this makes decompiling harder. It's still possible, but it would take much work to find out what a simple piece of code does. I'll see if I can find back what the software was called...

EDIT: This type of software is called an obfuscator, as you probably already knew (I forgot the genre name). You can pick your favorite here, if you like...

[Edited on January 8, 2006 by PB]
____________
#
January 8, 2006, 01:42
PEader
お前はもう死んでいる
1486 posts

Quoting Frimkron:
I'm told the answer is that basically your password isn't going to be secure at all,
Yeah, I know that already, Sherlock; it is the reason for the thread.
Quoting Frimkron:
so if you have to create an executable that connects to a remote database, you should make sure it only logs in with the permissions it really needs. Apparently MySQL has millions of different permissions you can set.


Come on Frimkron, work harder; you are hardly going to give someone complete access to your database. For this purpose you would limit the table the user can access and the columns they can read. However, as I'm sure you are well aware, a lot of hosting providers won't let you create MySQL users or will give you very limited options when creating users, so you would only be able to limit on the actions and not the columns or tables.


Quoting Frimkron:
OR
Go through a server program that does the database update for you.
What do you mean exactly? Do you mean create my own server and protocol, or use some sort of HTTP-based crap? Both of which lose the SQL functions I would want to use.



Quoting PB:
I guess Ferret's idea is not so bad, or you could store the password in an encrypted file and read that in code or something.
You would need to store the key for the decryption, so it's the same problem, just adding a layer of obfuscation.
Quoting PB:
There is also software that can make Java code almost unreadable; this makes decompiling harder. It's still possible, but it would take much work to find out what a simple piece of code does. I'll see if I can find back what the software was called...

EDIT: This type of software is called an obfuscator, as you probably already knew (I forgot the genre name). You can pick your favorite here, if you like...

It still doesn't protect it; it just makes it harder to find. You could encrypt the exe and then decrypt it with a loader, making it harder to get the information from the binary, but the hardened cracker could get it from a memory dump or something.

I guess there is no way to give a user a password and prevent them from seeing it. I had more than an inkling of this but I thought someone might know of a way.
____________
I see 57,005 people.
#
January 21, 2006, 02:47
Rhovanion
Exterminated
666 posts

connecting automatically it is impossible. Not if you enter the password (e.g. in a field) every time you use the exe...
____________
#
Copyright © 2005 Booleansoup.com