TaPO4eg3D

Reputation: 73

Is it secure to let a Django-based desktop app connect to a remote DB?

I have a desktop app that is built on top of the Django framework and frozen to an .exe using PyInstaller. The idea behind it is that the application should connect to a remote database (PostgreSQL) on a VPS. That VPS serves static files for this application too. So here is the question: is that option secure? Can potential hackers connect to my database and make a mess in it, or replace the original DB with a fake one? If they can, how should I fix that?

Upvotes: 1

Views: 137

Answers (1)

Shiva Kishore

Reputation: 1701

It is not safe to connect to a remote database in the scenario that you are describing.

For a potential hacker, it's a piece of cake to figure out the credentials of the remote database that you are using.

And to answer your question, it will be difficult for the hacker to replace the DB with a fake one. But it won't stop him from getting all the data from your DB and modifying it.

What you should do is have a REST API endpoint or a GraphQL endpoint to interact with the database, and you can hit that endpoint from the client app.

Upvotes: 1
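The API layer recommended in the answer above, as an added example that is not part of the original answer: the desktop client holds only a per-user token and can request a fixed set of named operations, while the database connection stays on the server. It uses only the standard library; in-memory `sqlite3` stands in for the PostgreSQL database on the VPS, and `issue_token`, `handle`, the `notes` table and the action names are hypothetical.

```python
import hashlib, secrets, sqlite3

# Server-side only: the database handle and its credentials never ship in the .exe.
# Assumption: in-memory sqlite3 stands in for the PostgreSQL instance on the VPS.
db = sqlite3.connect(":memory:", check_same_thread=False)
db.executescript("""
    CREATE TABLE api_tokens (token_sha256 TEXT PRIMARY KEY, user_id INTEGER NOT NULL);
    CREATE TABLE notes (id INTEGER PRIMARY KEY, owner_id INTEGER NOT NULL, body TEXT NOT NULL);
""")

def issue_token(user_id):
    """Create a per-user token; only its hash is stored, so a DB leak does not leak tokens."""
    token = secrets.token_urlsafe(32)
    digest = hashlib.sha256(token.encode()).hexdigest()
    db.execute("INSERT INTO api_tokens VALUES (?, ?)", (digest, user_id))
    return token

def authenticate(token):
    digest = hashlib.sha256(str(token).encode()).hexdigest()
    row = db.execute("SELECT user_id FROM api_tokens WHERE token_sha256 = ?", (digest,)).fetchone()
    return row[0] if row else None

def list_notes(user_id, _payload):
    rows = db.execute("SELECT id, body FROM notes WHERE owner_id = ?", (user_id,)).fetchall()
    return 200, [{"id": i, "body": b} for i, b in rows]

def add_note(user_id, payload):
    body = payload.get("body")
    if not isinstance(body, str) or not 0 < len(body) <= 1000:
        return 400, {"error": "body must be 1-1000 characters"}
    cur = db.execute("INSERT INTO notes (owner_id, body) VALUES (?, ?)", (user_id, body))
    return 201, {"id": cur.lastrowid}

def delete_note(user_id, payload):
    if not isinstance(payload.get("id"), int):
        return 400, {"error": "id must be an integer"}
    # owner_id in the WHERE clause: a valid token cannot touch another user's rows.
    cur = db.execute("DELETE FROM notes WHERE id = ? AND owner_id = ?", (payload["id"], user_id))
    return (204, None) if cur.rowcount else (404, {"error": "not found"})

# The client can only request these named operations, never arbitrary SQL.
ROUTES = {"notes.list": list_notes, "notes.add": add_note, "notes.delete": delete_note}

def handle(token, action, payload):
    user_id = authenticate(token)
    if user_id is None:
        return 401, {"error": "invalid token"}
    if action not in ROUTES or not isinstance(payload, dict):
        return 400, {"error": "bad request"}
    return ROUTES[action](user_id, payload)
```

A token recovered from one installation grants only that user's operations and can be revoked by deleting its row, whereas a database password embedded in the executable is shared by every copy.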
