1

I am new to Xamarin and am currently building a SQL database-driven application which connects to my remote MS SQL database. To do this, I am supposed to use SqlClient and its commands.

SqlClient requires a database connection string, which I am using as a string in my application, just like this:

string connectionstring = "Data Source=SomeRemoteAddress;Initial Catalog=dbname;User ID=userid;Password=xxxxxx;Persist Security Info=True;MultipleActiveResultSets=True;"; // providerName: System.Data.SqlClient

Using this connection string, I am able to connect to the database. I am just worried about how secure this is. I am building an APK file and launching it in the Play Store.

Please tell me how secure this is. Is there any possibility for hackers to get into the APK file and access my connection string?

Thanks in advance.

1
  • 3
    Embedding a user ID and password to a publicly available SQL Server instance is a really bad idea and it is not secure at all. Place the SQL Server behind a web service and expose only those endpoints to the public. Commented Dec 14, 2016 at 8:01

1 Answer

3

Anything inside the app package has to be considered as public. If it is worth the effort for someone to find out, they will.

Options are:

  • When you only need read access to that database, make sure you only add a connection with the least permissions.
  • Hide the SQL Server behind a web service, so you shrink the available surface for attackers.

In the end, the most secure way is to have the users authenticate individually, so you can revoke their access on a per-person basis without disabling the application for everybody, when you have to change passwords.
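A pre-release check that illustrates the answer's first point, added here as an example and not code from the original post: it opens a built APK as the zip archive it is and reports entries that contain ADO.NET credential keys, either as UTF-8 or as UTF-16LE (the encoding .NET assemblies use for string literals). The function names and the in-memory sample package are constructed for illustration, and the check assumes assemblies are stored as ordinary zip entries.

```python
import io
import zipfile

# Credential keys used in ADO.NET connection strings (matched case-insensitively).
KEYS = ("Password=", "Pwd=", "User ID=")
# .NET string literals are stored as UTF-16LE; config and text files are usually UTF-8.
ENCODINGS = ("utf-8", "utf-16-le")


def scan_apk(apk):
    """Return (entry, key, encoding, offset) for each credential key found.

    `apk` is a path or a file-like object holding the built package.
    """
    findings = []
    with zipfile.ZipFile(apk) as zf:
        for info in zf.infolist():
            data = zf.read(info).lower()  # bytes.lower() only folds ASCII letters
            for key in KEYS:
                for enc in ENCODINGS:
                    offset = data.find(key.lower().encode(enc))
                    if offset != -1:
                        findings.append((info.filename, key, enc, offset))
    return findings


def build_sample_apk():
    """Constructed sample: a zip whose fake assembly embeds the question's string."""
    conn = ("Data Source=SomeRemoteAddress;Initial Catalog=dbname;"
            "User ID=userid;Password=xxxxxx;")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        # Placeholder header bytes followed by the literal as the compiler would store it.
        zf.writestr("assemblies/App.dll", b"MZ\x90\x00" + conn.encode("utf-16-le"))
        zf.writestr("res/raw/about.txt", "No secrets here.")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for entry, key, enc, offset in scan_apk(build_sample_apk()):
        print(f"{entry}: '{key}' ({enc}) at byte {offset}")
```

A hit means the credential ships to every device that installs the package. An empty result does not prove the package is clean, since assemblies packed or compressed inside another container are not unpacked here.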
