在应用程序中使用直接MySql连接-C#
[英]Using direct MySql connection in app - C#
问题描述
I have developed an app, which more than 2k users are going to use it. 
我已经开发了一个应用程序,将有超过2k的用户使用它。 This app is connected to a database which contains some data. 该应用已连接到包含某些数据的数据库。 I have some questions: 1. Is it ok to use mysql direct connection in app instead of API for just reading data? 我有一些问题:1.是否可以在应用程序中使用mysql直接连接代替API来仅读取数据? 2. Is there a way that someone find my server's information (address, pass, etc) from my application? 2.有人可以从我的应用程序中找到我的服务器信息(地址,通行证等)吗?
App is wpf. 应用是wpf。
2 个解决方案
解决方案1
1 已采纳 2019-03-29 00:35:08
Generally speaking (and as with all generalities there are all kinds of exceptions here, in both directions) it's okay to connect directly to the database if one of these two conditions is met: 一般而言(与所有通用性一样,双向都有各种例外),如果满足以下两个条件之一,则可以直接连接到数据库:
- The app and the database are on the same computer 该应用程序和数据库位于同一台计算机上
or 要么
- The app and the database are on different computers, but within the same corporate network and traffic between the app and the database is adequately protected. 该应用程序和数据库位于不同的计算机上,但是在同一公司网络内,并且该应用程序和数据库之间的流量得到了充分的保护。
and if one of these conditions is also met: 并且如果还满足以下条件之一:
- The end user owns the app and doesn't share data with other users (they break it, that's their own problem and no one else's) 最终用户拥有该应用程序,并且不与其他用户共享数据(他们将其破解,这是他们自己的问题,没有其他人的问题)
or 要么
- You issue separate accounts with only the necessary privileges to each user (the user owns the credential) 您向每个用户仅授予必要的特权(用户拥有该凭证)来发行单独的帐户
or 要么
- The machines where the application is deployed are controlled by the business, where you can securely deploy the application (and the account credentials it uses to connect to the database) in such a way that end users are not able to retrieve the account credentials directly. 部署应用程序的计算机由企业控制,您可以在其中安全地部署应用程序(及其用于连接数据库的帐户凭据),以使最终用户无法直接检索帐户凭据。 (The business owns everything). (企业拥有一切)。
It is not generally okay to connect directly to a database over the public Internet, or within a local network where traffic to the database is not adequately protected, and it is not generally okay to let end users have direct access to the database separate from the application (and if a user has ownership of their machine, they will be able to get that access). 通常无法通过公共Internet或在未充分保护数据库流量的本地网络内直接连接到数据库,并且通常不允许最终用户直接访问数据库而不直接访问数据库。应用程序(如果用户拥有其计算机的所有权,则他们将能够获得该访问权限)。
I also need to expound on what I mean by "adequately protected". 我还需要解释“充分保护”的含义。 This involves a few things: 这涉及几件事:
- A good firewall between the clients and the database. 客户端和数据库之间的良好防火墙。 In some smaller environments, the firewall on the OS hosting the database itself may be enough. 在某些较小的环境中,托管数据库本身的OS上的防火墙可能已足够。
- Measures to prevent MitM attacks on data packets to and from the DB. 防止对进出数据库的数据包进行MitM攻击的措施。 For traditional corporate networks, this usually means 802.1x is running even on the wired network, and wifi access is similarly protected (a pre-shared key wifi network like you use at home is not good enough, because anyone who can get the key can decrypt your traffic). 对于传统的公司网络,这通常意味着802.1x甚至可以在有线网络上运行,并且wifi访问受到类似的保护(像您在家中使用的预共享密钥wifi网络还不够好,因为任何可以获取密钥的人都可以解密您的流量)。 Alternatively, you can implement encryption that runs from the client all the way into such a protected network. 或者,您可以实施从客户端一直到这样一个受保护的网络的加密。 This is what many corporate VPNs are for (a public VPN service doesn't accomplish this for you). 这就是许多公司VPN的用途(公共VPN服务无法为您完成此操作)。 You may also be able to encrypt that actual database connection traffic. 您也许还可以加密实际的数据库连接流量。 I know how to do this for Sql Server, for example, though I'm less clear on what direct support is in MySql in this area. 我知道如何为Sql Server执行此操作,尽管我不太清楚MySql在该领域有哪些直接支持。
解决方案2
0 2019-03-29 00:16:02
If you save the information inside your application, it can be found. 如果将信息保存在应用程序内部,则可以找到它。 You should consider using an API to handle the data reading. 您应该考虑使用API来处理数据读取。 Applications can be reverse engineerd. 可以对应用程序进行逆向工程。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.