Secure Database Connection in ElectronJS Production App?

Question

I've recently begun developing with NodeJS and ElectronJS to create some pretty nifty cross platform software. I want to take it a step further and integrate some database functionality.

While I'm aware that there are mysql packages available to install, I cringe at the idea that anybody can just unpack my asar.app file and see all of the connection details, including username, password, database name, table name, and other sensitive content that you really don't want to expose to people clever enough to break into your app's source code.

I've tried searching extensively on solutions to this problem, which I was surprised to find very little about. How do WhatsApp and Slack secure connections to their database if they were also built with ElectronJS?

Any and all resources are greatly appreciated. I basically want to be able to connect to a production server SQL database in an ElectronJS app without leaving some security backdoor to anybody who cracks the ASAR file.

Thank you!!

Answer 1

For this scenario, I suggest you to use a RESTful web service architecture. Basically you need 3 component, RESTful web back end, client application(your electron) and the database service( see the following image ; source:phppot.com) .For this I suggest you to use nodeJS backend and create a webservice using expressJS . You can define Restful (GET, POST,UPDATE, DELETE) API for each services. For ex: To get some data from your db, you can send a GET request to the following path <yourdomain>:<port>/api/v1/getyoursomthin using your electron app. Your express app process the request and get the relevant data from the data from the database (Tutorial). So your app can get the respond from the server and display to the user. I will add link to some tutorials. You can find and learn more by google :)

• Web: Build a simple app using Node JS and MySQL.

• Express.js Tutorial: Build RESTful APIs with Node and Express

( source:phppot.com)