Secure access to mysql

[vcopola]

Hello
at first sorry for my English .....
After reading through the forum I see that the way to access mysql is not secure, and that posting on. Php du ser data and password does not give me much confidence ..

Is this safe??
http://www.b4x.com/forum/additional-libraries-classes-official-updates/22291-mysql-library-jdbc.html



Or is it like this??
http://www.b4x.com/forum/basic4andr...-connect-android-mysql-database-tutorial.html

I'm starting on this and one of the things I need most is to have read access to SQL database or mysql, but surely.

 

[peacemaker]

This can be secure, if to use encription hash.

But need to study this big\complex system.

 

[vcopola]

thanks .... I had not seen in the forum ...

 

[grant1842]

Connecting with a serverside script such as php is a very secure option in my opinion since you don't have to store and send the login credentials through the app.

 

[peacemaker]

Did you know what HTTP- sniffer is?
Password is sent as well as all other by HTTP.

 

[grant1842]

I meant you don't have to store the login credentials to the entire database

 

[peacemaker]

Database is the target, the password is just a resource...

 

[Erel]

You can make the web service approach secure by using a SSL connection (https instead of http).

 

[aalekizoglou]

If you are going to use a server side script like mysqltunnel.php you can always use an encrypted connection based on https, or use mysqltunnel's encryption feature based on a variable hash key.

Of course you can set the database credentials on the server side script, just to not transfer DB's password data over http.

Also if you have sensible data to transfer to/from device/DB then ecnryption would be needed again based on https or hash key.