Ales 2 Share Posted April 5, 2016 Hello guys, i am working on application in java which will connect to mysql database remotely. However, i have in java all information about database such as hostname, username and password and table name. A user would have to download jar file and login to system (similliar to all bot softwares), but i am afraid of security risks All jar files can be decompiled and everyone can see source code. They would get all information about database. Is this a security risk and what should i do instead? Thank you , i wanted to ask this on overstackforum but they kept blocking my title. Link to comment Share on other sites More sharing options...
BigBone 4 Share Posted April 5, 2016 Okay so heres how you're going to do it fam. Ok so you're gonna have a server yafeelme? ok and your gonna have a client okyafeelme? Ok heres the short explanation server is run on your computer or vps or something ok? basically it will handle everything such as logging in, logging out, passing data. Since this is on your side they won't have any details on your database etc... ok so the client is next the client is what they run it will send shit like username and password when entered to the server and then wait for a response like .... login(user, pass) return true (logged in yes false no bad guy). store. actually fam pass back something unique ya feel then u go do like getScript(user, scriptid, uniqueshit) then the server will check verify authentic ya feel?? then if all still checks out it will get the script from database then pass it to this client ayyy right??? ok so thats basically secure. Just do note if you use your own personal computer you will be displaying your internets ip and badman like novak will pay 3k to get it ddosed. so be safe use protection lots of condoms (only 1 at a time 2 condoms at once can make it break yafeel>??) ok so have fun and remember subscriber for me! Link to comment Share on other sites More sharing options...
Calle 17 Share Posted April 16, 2016 Ignore the guy above, try Obfustications, there are free ones out there Link to comment Share on other sites More sharing options...
Mad 86 Share Posted April 16, 2016 Ignore the guy above, try Obfustications, there are free ones out there Absolutely not, do NOT put your database details or any private details on the client side. Link to comment Share on other sites More sharing options...
Calle 17 Share Posted April 16, 2016 Absolutely not, do NOT put your database details or any private details on the client side. If he obfusticated the code and the info are in a string, the information will be lost Link to comment Share on other sites More sharing options...
Pug 130 Share Posted April 16, 2016 shud always do script > php > database database > php > script Link to comment Share on other sites More sharing options...
Pandemic 2702 Share Posted April 16, 2016 Never put important data like database credentials in your scripts/programs, even with all the obfuscation in the world it can easily be found. Link to comment Share on other sites More sharing options...
Mad 86 Share Posted April 16, 2016 If he obfusticated the code and the info are in a string, the information will be lost I dont think you understand what obfuscation is. It would still be the same string, do you mean hashed maybe? If youre talking about modifying the string so the user cant view the details, how do you expect it to work to connect to the database then lol shud always do script > php > database database > php > script or not php because php is disgusting Link to comment Share on other sites More sharing options...
Ales 2 Author Share Posted April 24, 2016 Absolutely not, do NOT put your database details or any private details on the client side. Ignore the guy above, try Obfustications, there are free ones out there If he obfusticated the code and the info are in a string, the information will be lost shud always do script > php > database database > php > script Never put important data like database credentials in your scripts/programs, even with all the obfuscation in the world it can easily be found. I dont think you understand what obfuscation is. It would still be the same string, do you mean hashed maybe? If youre talking about modifying the string so the user cant view the details, how do you expect it to work to connect to the database then lol or not php because php is disgusting i just save it to java properties file.. or would you advice me to use webservice Link to comment Share on other sites More sharing options...
Calle 17 Share Posted April 24, 2016 i just save it to java properties file.. or would you advice me to use webservice webservice if possible Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.