Android Question Apps using MySQL: A Security Question

[Mashiane]

Hi there

What is the best way to securely include your connection details to an app that uses MySQL?

Whilst users will get registered on my app to use it, I have defined a main user that accesses the database and execute php commands using a single username and password and have included the connection details in the app.

On each of my php files I have also included the username and password details to login into the database. The thing is I want to avoid hacking perhaps via the app or via my php scripts though my webserver is not using https.

Any advise anyone?

 

[KMatle]

First: NEVER EVER include any userid's, pw's or any other data in your app (can easily be read),

This is a nice source for php and MySql: https://www.binpress.com/tutorial/using-php-with-mysql-the-right-way/17

I use one php script for one app (entry). Don't trust any data you get. Check everything you get, filter it, etc. Use encryption and a login for every user (I use RSA plus AES in combination).

 

[Erel]

Make sure to set all the important strings in Process_Globals. This way they will be obfuscated.