维护安全的MySQL连接
[英]Maintaining a Secure MySQL connection
问题描述
I'm new to databases and all that stuff. 
我是数据库和所有东西的新手。 Let's say I have an application that connects to a database to authenticate users. 假设我有一个连接到数据库以验证用户身份的应用程序。 I have a table Students (the users) with their respective passwords. 我有一张桌子学生(用户)和他们各自的密码。 To connect to the database, in order to I need a MySQL connection that looks like this : 要连接到数据库,为了我需要一个如下所示的MySQL连接:
MySqlConnection("server=; database=; uid=; pwd="); MySqlConnection(“server =; database =; uid =; pwd =”);
The problem is the fact that I need to hard-code the root password of the database in the application, therefore distributing the root password of the database to all users of the application. 问题是我需要在应用程序中硬编码数据库的root密码,因此将数据库的root密码分发给应用程序的所有用户。 To me, it doesn't make sense ? 对我来说,这没有意义吗? Am I missing something ? 我错过了什么吗?
1 个解决方案
解决方案1
0 2013-11-19 00:53:04
In general you have something like 'client server model'. 一般来说,你有类似'客户端服务器模型'的东西。 The client (your c# app), connects to the server. 客户端(您的c#app)连接到服务器。 The server then connects to the DB (and so only on the server side the user/pass is known). 然后,服务器连接到数据库(因此仅在服务器端,用户/传递已知)。
client <-> server <-> mysql
I would say its bad practice to implement a db connection in the client. 我会说在客户端实现数据库连接的不良做法。 However, you could implement a per user database authorization. 但是,您可以实现每用户数据库授权。 Meaning the client needs to enter (the mysql ) user/pass. 意味着客户端需要输入(mysql)user / pass。 But then you need to give the user certain 'rights' directly on the db. 但是,您需要直接在db上为用户提供某些“权限”。 My guess is, you don't want that. 我的猜测是,你不希望这样。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.