Querying MySQL from client application

Question

I want to make an application to do some remote tasks on a computer using the Java language. I have a database where I want to check informations - I am just not sure if it's safe to connect to the MySQL database from the client.

I've been able to think of the following solutions:

1. Connect to- and query the database from the client
2. Request a web-page with a PHP script querying the server

Which method would be better? And can a user somehow see the MySQL credentials from the Java client?

Answer 1

I think better to implement Web Service and return data via that service.

Answer 2

I think your line of thinking is pretty good. It will definitely add another layer of security if you access a PHP page, or a servlet or some kind of web service or web page, that will return the data instead of the application accessing the data directly.

Another thing you should definitely remember to do is to give the database account used in your solution the minimum possible security it needs to access the data you want to return. This way you have several layers of security.

Answer 3

Well, it's not so safe.

You would have to store database credentials in the application. Java applications are decompilable, this means that if someone decompiles your application, he would be able to access your database freely.

In my opinion, querying the database via a PHP bridge is better, you can limit the operations that can be done on your database, and if your hosting provider closes database access to clients that are not on the server (i.e. your hosting provider provides access only to php scripts executed on the same server), with the php bridge you are always sure to be able to query the db