Android Question Online DB Security (mySQL)

wonder

Expert
Licensed User
Longtime User
Hello DB gurus!

In my game HyperBloX, I'm using an online DB to store the highscores.
Everything works fine, no complaints here.

There is one thing, however, I'm not really comfortable with.
The DB password is stored in Process_Globals (obfuscated).
In theory, any user who obtains the password may access it and drop all the tables without effort.

Is there another way to do it, or at least a "read-only" mode for the DB?

I'd like to have a secure environment where the user will have access only to his own data, in "read-only" mode.
 

Erel

B4X founder
Staff member
Licensed User
Longtime User
It is better to connect to a web server (middleware) that connects to the database server. It is safer and also more maintainable (you can change queries or change your credentials for example).

You can use RDC (or jRDC) for that.

With RDC you define the possible commands in the server. The user can never execute an undefined command.
 
Upvote 0

wonder

Expert
Licensed User
Longtime User
So would it be possible for my webserver interface to be written in B4J and the DB an SQLite DB?
App <=> WebServer (B4J) <=> SQLite DB

If so, would I have to host it at home in my personal computer?
 
Upvote 0

DonManfred

Expert
Licensed User
Longtime User
The DB password is stored in Process_Globals (obfuscated)
Have a look at the F5Steg library from @Informatix (part of the Pro bundle)
Together with his security guide you can save your code and password.
 
Upvote 0

inakigarm

Well-Known Member
Licensed User
Longtime User
So would it be possible for my webserver interface to be written in B4J and the DB an SQLite DB?
App <=> WebServer (B4J) <=> SQLite DB

If so, would I have to host it at home in my personal computer?

I think you can have sqlite as db on B4j server; the b4j server can be on your Pc (need to ve accessible from internet if you want to be accessed bt your hyperblox users) or better, on a Vps (may@be linux) system
 
Upvote 0

Erel

B4X founder
Staff member
Licensed User
Longtime User
Upvote 0
Top