Hamzah Malik

Reputation: 2570

How can I securely access a web-based MySQL database from an Android app

I have a SQL database on the internet which has information. I need my Android app to be able to access that information. The app needs to know the username and password of the database. How can it know?

If I code it in, anyone can get it.

Upvotes: 0

Views: 270

Answers (1)

thkala

Reputation: 86333

In general, databases should not be publicly accessible, nor should they be directly accessed by a user application, for several very good reasons:

  • There is generally no easy way to implement row-level access control. Views and triggers can only get you so far - in general application-level users do not map well to database users, since the latter usually have access to far more data than the former should have.

  • The DB clients are tied to the actual database schema. Having clients not under your control like, say, an Android application is a very good way to tie yourself up in ways that would disallow any and all future development.

  • Having a DB port open to the world is not considered by any means secure. Any potential security hole would give straight access to all of your data. The MySQL security guidelines explicitly warn against opening the DB port to the internet.

  • There is no way to protect the DB credentials or the data from a sufficiently determined and knowledgeable user. If your application can access something, so can they.

  • Database access protocols are mostly designed with local-area networks in mind, rather than the inherently unreliable nature of the Internet. Even encryption and security are often more of an afterthought...

The standard way to approach this issue is to create an intermediate web service with separate user accounts and a restricted set of operations on the data. The web service would let each user access only the data that relate to them, and even that indirectly. This approach separates the data from the user application layer, allows you the flexibility of storing and accessing your data however you wish and provides an additional layer of security for your DB.

Upvotes: 3
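A sketch of the intermediate web service described in the answer above, as an added example that is not part of the original answer. It assumes a `users`/`notes` schema, uses `sqlite3` as a stand-in for MySQL, and all function names are hypothetical.

```python
import hashlib, hmac, json, secrets, sqlite3

# Constructed sample data. sqlite3 stands in for MySQL; only this server-side
# process holds the database connection, so no DB credentials ship in the app.
db = sqlite3.connect(":memory:")
db.executescript("""
CREATE TABLE users(id INTEGER PRIMARY KEY, name TEXT UNIQUE, salt BLOB, pw BLOB);
CREATE TABLE notes(id INTEGER PRIMARY KEY, owner INTEGER, body TEXT);""")
sessions = {}  # token -> user id (a real service would persist and expire these)

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def add_user(name, password, notes):
    salt = secrets.token_bytes(16)
    uid = db.execute("INSERT INTO users(name, salt, pw) VALUES (?,?,?)",
                     (name, salt, _hash(password, salt))).lastrowid
    db.executemany("INSERT INTO notes(owner, body) VALUES (?,?)",
                   [(uid, n) for n in notes])

def login(name, password):
    """Exchange a service account's credentials for a random session token."""
    row = db.execute("SELECT id, salt, pw FROM users WHERE name=?", (name,)).fetchone()
    if row is None or not hmac.compare_digest(row[2], _hash(password, row[1])):
        return None
    token = secrets.token_urlsafe(32)
    sessions[token] = row[0]
    return token

def my_notes(token):
    """The one read operation exposed: rows are filtered by the caller's id,
    taken from the session, never from a client-supplied parameter."""
    uid = sessions.get(token)
    if uid is None:
        return None
    rows = db.execute("SELECT body FROM notes WHERE owner=? ORDER BY id", (uid,))
    return [r[0] for r in rows]

def app(environ, start_response):
    """WSGI handler for the notes endpoint; expects 'Authorization: Bearer <token>'."""
    auth = environ.get("HTTP_AUTHORIZATION", "")
    notes = my_notes(auth[7:]) if auth.startswith("Bearer ") else None
    ok = notes is not None
    start_response("200 OK" if ok else "401 Unauthorized",
                   [("Content-Type", "application/json")])
    return [json.dumps({"notes": notes} if ok else {"error": "unauthorized"}).encode()]

add_user("alice", "alice-pw", ["alice note 1", "alice note 2"])
add_user("bob", "bob-pw", ["bob note"])
```

The Android client only ever holds its own user's session token, and the service must be served over HTTPS so that the token and password are not exposed in transit.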
