Android Question Encrypt MSSQL login credentials

Mostez

My program connects to a SQL 2012 server. I'd like to know if login credentials are encrypted by B4A or just sent in raw text format. Is there any method to encrypt them?
 

Alex_197

Which way are you going to connect? What if you create an ASP.NET / PHP page that will connect to your app and send the data to the SQL Server?
In this way you don't need to care about security at all.
 
Upvote 0

Mostez

I never designed ASP.NET projects, I just use B4X activities to send SQL queries and display data on B4XTables.
 
Upvote 0

kisoft

Hello, it is not clear what database you are connecting to, whether it is a SQL or MySQL server database. If you write about a server database, you can use jRDC2. It is fully encrypted.

Here's SQL
 
Upvote 0

Mostez

kisoft said: "it is not clear what database you are connecting to"
It is in my first post and title: MS SQL 2012 Server. What I did not mention is "I use jtds-1.3.1 for connection". Is it possible to use SQLCipher with it?
 
Upvote 0

kisoft

SQLCipher is not a server solution. You need a solution for a server database; in this role jRDC2 works best, both locally and remotely via the Internet, and the data is encrypted.

P.S.
Sorry, the title does contain the kind of database.
 
Upvote 0

Mostez

I created an SSL certificate and assigned it to the SQL server. The server services started OK and I can log in to the server from the application. I added the SSL option to jTDS like this:
B4X:
dbJDBCurl = "jdbc:jtds:sqlserver://" & dbCurrentIP & "/" & dbName & ";ssl = request"

I monitored the packets sent from the phone to the server, but I still see the username and password in plain text, and the protocol is TDS, not SSL.
 
Upvote 0

OliverA

Mostez said: "I monitored the packets sent from phone to server, but I still see username and password in plain text and protocol is TDS not SSL"
How are you monitoring the packets? The client should first create an SSL connection to the server and then use TDS over SSL to communicate with the server.
 
Upvote 0

OliverA

The SSL connection to the SQL server should happen before the TDS connection. In Wireshark, you should see the client establish the SSL connection to the server and, if successful, all traffic to the server should be encrypted. If that is not happening, you may need to look at the log files on the server to see what is going on.
 
Upvote 0
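
When checking a capture like the one discussed above, one field worth reading is the ENCRYPTION option that each side announces in its TDS PRELOGIN packet, which travels unencrypted. The following is an added example, not part of any post in this thread and not jTDS or B4X code; it parses that option from the raw bytes of one packet. The function names and the sample packet are this example's own constructions, and it assumes the packet is complete and unfragmented.

```python
import struct

# ENCRYPTION option values as named in the MS-TDS specification.
ENCRYPTION = {0x00: "ENCRYPT_OFF", 0x01: "ENCRYPT_ON",
              0x02: "ENCRYPT_NOT_SUP", 0x03: "ENCRYPT_REQ"}
PRELOGIN, RESPONSE = 0x12, 0x04   # client PRELOGIN / server reply packet types
OPT_ENCRYPTION, TERMINATOR = 0x01, 0xFF

def parse_prelogin(packet: bytes) -> dict:
    """Map option token -> raw value for one complete PRELOGIN packet."""
    if len(packet) < 8:
        raise ValueError("shorter than the 8-byte TDS header")
    ptype, _status, length = struct.unpack(">BBH", packet[:4])
    if ptype not in (PRELOGIN, RESPONSE) or length != len(packet):
        raise ValueError("not a single complete PRELOGIN packet")
    payload, options, pos = packet[8:], {}, 0
    while True:
        if pos >= len(payload):
            raise ValueError("option table has no terminator")
        if payload[pos] == TERMINATOR:
            return options
        if pos + 5 > len(payload):
            raise ValueError("truncated option entry")
        # Each entry: 1-byte token, 2-byte offset, 2-byte length (big-endian);
        # the offset counts from the start of the payload.
        token, offset, size = struct.unpack(">BHH", payload[pos:pos + 5])
        if offset + size > len(payload):
            raise ValueError("option value lies outside the packet")
        options[token] = payload[offset:offset + size]
        pos += 5

def encryption_setting(packet: bytes) -> str:
    """Name of the ENCRYPTION value this packet announces."""
    value = parse_prelogin(packet).get(OPT_ENCRYPTION)
    if value is None or len(value) != 1:
        raise ValueError("no ENCRYPTION option present")
    return ENCRYPTION.get(value[0], f"unknown (0x{value[0]:02x})")

def announces_encryption(packet: bytes) -> bool:
    """True only when this side announced ENCRYPT_ON or ENCRYPT_REQ."""
    return encryption_setting(packet) in ("ENCRYPT_ON", "ENCRYPT_REQ")

def sample_prelogin(encryption: int, ptype: int = PRELOGIN) -> bytes:
    """Constructed sample packet (VERSION + ENCRYPTION options), not a real capture."""
    table = struct.pack(">BHH", 0x00, 11, 6) + struct.pack(">BHH", 0x01, 17, 1) + b"\xff"
    payload = table + bytes(6) + bytes([encryption])
    return struct.pack(">BBHHBB", ptype, 0x01, 8 + len(payload), 0, 1, 0) + payload
```

A packet for which `announces_encryption` returns False is the cue to review the driver's `ssl` setting and the server's encryption configuration.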

Mostez

Sorry for the delay, please see the attached screen capture.
 

Attachments: Image1.png
Upvote 0