B4J Question security of mysql db on b4j server

ArminKH

ArminKH

Well-Known Member
Hi
Before using b4j i used php for managing online db (my sql)
always i Put my db user and pass to a php file and limit the user access just to read(permition 400 i think)
Then on main php page like search.php i include my db.php and by using this security solution my database is safe
Now what about b4j?
On b4j when i want access to my my sql data base we should enter user and pass of db and maybe my server decompiled and then my user and pass is accessable simply
What is the same security solution on b4j?
Thank u
 
Sort by date Sort by votes
ArminKH

ArminKH

Well-Known Member
Erel said:
How can the server be decompiled? If a hacker has access to the file system then the password in the PHP script will not be safe at all.
Click to expand...
Ok if the server can not be decompiled why we limit the access to our database by using permisions?
My question is just for find a same way to ensure maximum security solutions not just for compare php and b4j
Thanx erel
 
Upvote 0
ArminKH

ArminKH

Well-Known Member
Has b4j any same way to include other b4j servers on same place?or any same solution?if not can this happen in future?
 
Upvote 0
Daestrum

Daestrum

Expert
Licensed User
Longtime User
arminkh said:
why we limit the access to our database by using permisions?
Click to expand...

That's the correct way. you don't give a query full access if it's only reading the database. you give it a user/password that only has read permissions set in the database.
Most DB's have built in security for this purpose.

A log in screen, for example, needs only read permissions on one table to decide if the log on credentials are valid. So in the DB you create a 'login' user/password and only grant read permission on 'users' table.
Couple that with a retry delay that grows on each successive log on failure, this will frustrate a brute force attack.
 
Upvote 0
ArminKH

ArminKH

Well-Known Member
Daestrum said:
That's the correct way. you don't give a query full access if it's only reading the database. you give it a user/password that only has read permissions set in the database.
Most DB's have built in security for this purpose.

A log in screen, for example, needs only read permissions on one table to decide if the log on credentials are valid. So in the DB you create a 'login' user/password and only grant read permission on 'users' table.
Couple that with a retry delay that grows on each successive log on failure, this will frustrate a brute force attack.
Click to expand...
Excuse me 4 my english if i cant tell my problem exactly
On php side we have a page like search.php and an other like db.php and also we have a my aql database
Our database has a username and password for access to data
Now in db.php we have our username and password values and connect to our database by using pdo
Then we limit db.php's permission to limitest mode
Then on search.php we just include our db.php and our user name ande pass valuse kept on secure page
Now what about b4j?
I know if our server hacked then each part of our server are crackable
It can be better or safer if be a way to include an other b4j server or any same way to ensure this security solution
And if not ok then thats not possible... :-D
Thank u ;-)
 
Upvote 0
You must log in or register to reply here.

Similar Threads

Situ LLC
  • Article
B4J Code Snippet Emigrate Mysql to Sqlite DB
Replies
2
Views
945
Magma
Magma
Mashiane
Mashy Teaches WebApp/Website Development with BANanoVuetifyAD3 - The New Series
7 8 9
Replies
163
Views
41K
Mashiane
Mashiane
aeric
  • Article
Share My Creation [B4X] User Login App + [B4J] MySQL API Server (Key + Token)
2 3
Replies
42
Views
18K
pixet
pixet
Star-Dust
  • Article
B4J Library [B4X] [B4XLib] SD_SQL (direct access to MySQL, MariaDB, MS SQL, FireBird)
2 3
Replies
56
Views
18K
amorosik
amorosik
Erel
  • Article
B4J Library MongoDB - Documents database
Replies
6
Views
9K
Mashiane
Mashiane
Top