How secure if i use database connectionstring values inside Xamarin application?

Question

I am new to Xamarin, and currently building a SQL database driven application which connects to my remote MS SQL Database. To do this, I am supposed to use SQLClient and its commands.

SQL Client requires database connection string which I am using as a string in my application just like this.

string connectionstring="Data Source=SomeRemoteAddress;Initial Catalog=dbname;User ID=userid;Password=xxxxxx;Persist Security Info=True;MultipleActiveResultSets=True;" providerName="System.Data.SqlClient"

Using this connection string, I am able to connect to the database. I am just worried how secure this is. I am building APK file and launching in Playstore.

Suggest me how secure this is. Is there any possibility for hackers to get into the APK File and access my connection string ?

Thanks in Advance.

Answer 1

Anything inside the app package has to be considered as public. If it is worth the effort for someone to find out, they will.

Options are:

• When you only need reed access to that database, make sure you only add a connection with the least permissions.
• Hide the SQL Server behind a webservice, so you shrink the available surface for attackers.

In the end, the most secure way is to have the users authenticate individually, so you can revoke their access on a per-person basis without disabling the application for everybody, when you have to change passwords.