How to configure database connection securely

孤街浪徒 2021-02-06 08:54

Similar but not the same:

  • How to securely store database connection details
  • Securely connecting to database within a application

Hi all, I ha

4 Answers
  •  执笔经年
    2021-02-06 09:50

    First of all, letting untrusted users connect to a database is generally not a good idea. So many things can go wrong. Put a web service in between.

    If you absolutely have to do it, make it so that it doesn't matter even if they get the username and password. Limit their privileges in the database so that they can only execute a few stored procedures that have built-in security checks.

    Whatever you do, you can't give the username/password of a privileged user to an untrusted person. It's just asking for trouble. No matter how well you try to hide your credentials within an encrypted string inside a binary file or whatnot, there's always a way to find them out. Of course whether anyone'll actually do it depends on how interesting your data is, but silently hoping that mean people with debuggers will just leave you alone is not a very good security measure.
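
The setup described in the answer above (a login that can do nothing except execute a stored procedure with its own checks), as an added example that is not part of the original answer. It assumes PostgreSQL 11 or later, since the page names no DBMS; the tables, the `app_client` role and the `get_my_orders` function are hypothetical, and session tokens are assumed to be issued by a separate login procedure not shown here.

```sql
-- PostgreSQL 11+ assumed; every object name below is hypothetical.
BEGIN;
CREATE TABLE app_user (id bigint PRIMARY KEY, name text NOT NULL);
CREATE TABLE app_session (
    token_hash bytea PRIMARY KEY,   -- sha256 of the session token, never the token itself
    user_id    bigint NOT NULL REFERENCES app_user(id),
    expires_at timestamptz NOT NULL
);
CREATE TABLE orders (
    id      bigserial PRIMARY KEY,
    user_id bigint NOT NULL REFERENCES app_user(id),
    item    text NOT NULL
);

-- The account whose credentials ship inside the client: treat them as public.
CREATE ROLE app_client LOGIN PASSWORD 'placeholder-change-me'
    NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT;

-- No direct access to any table, and no ability to create objects.
REVOKE ALL ON app_user, app_session, orders FROM PUBLIC;
REVOKE CREATE ON SCHEMA public FROM PUBLIC;

-- The only entry point. It runs with the owner's rights, validates the
-- caller's session token itself, and returns only that user's rows.
CREATE FUNCTION get_my_orders(p_token text)
RETURNS TABLE (order_id bigint, item text)
LANGUAGE plpgsql
SECURITY DEFINER
SET search_path = pg_catalog, public, pg_temp   -- pin name resolution
AS $$
DECLARE
    v_user bigint;
BEGIN
    SELECT s.user_id INTO v_user
      FROM app_session s
     WHERE s.token_hash = sha256(convert_to(p_token, 'UTF8'))
       AND s.expires_at > now();
    IF v_user IS NULL THEN
        RAISE EXCEPTION 'invalid or expired session';
    END IF;
    RETURN QUERY
        SELECT o.id, o.item FROM orders o WHERE o.user_id = v_user;
END;
$$;

-- Functions are executable by PUBLIC by default: remove that, then allow one role.
REVOKE ALL ON FUNCTION get_my_orders(text) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION get_my_orders(text) TO app_client;
COMMIT;
```

Connected as `app_client`, `SELECT * FROM orders` fails with a permission error, while `SELECT * FROM get_my_orders('<token>')` returns rows only for the user that token belongs to.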
