

I am writing a desktop app in C++ for Windows. It will be followed closely with the web versions (in PHP, then in ASP), versions for Linux, Mac, Android, BlackBerry and iOS.

The database will be hosted in Google Cloud or the company website hosting location.

What programming practice can help reduce the probability of hacking into my app or its database?

My concerns are:

I write database connection password in plain text in connection strings. Is there a way to go about writing database connection password in non-plain text in the connection strings?

I plan to connect directly to a remote database from my program using a connection string. Is it not wiser that I do a socket connection to a server-side script like PHP and let the server-side script do the database querying and accessing and return the result to my app?

Which is better: using certificates, using SSL or using public/private key pair to secure data sent from client to server?

The truth is that I don't know about hacking and I must assure users that their data is safe.
Updated 28-Oct-15 15:32pm
Comments
Philippe Mori 29-Oct-15 12:38pm    
Security is always a trade-off between effort and result... Although some simple steps like those mentioned in solution 1 will really help having a more secure app.

1 solution

Technically, no device should communicate directly with the database.

Most often, devices talk to a web service, which will internally route the query to the database (directly or through some other layer(s)).
Of course, communications between devices and web service have to be encrypted. The HTTPS protocol is meant for that.

Each of these fields, architecture, security, compatibility between platforms, is a hell of a question by itself. Treating all of them in a Quick Answer post is quite ambitious.

My feeling is (no pun intended, that's for your own good) you should not contract on anything security related before having studied thoroughly the subject and come to a decent, well unit-tested implementation. To mix my metaphors, that would be like my grandmother starting to knit airbags; cute, but quite useless, if not dangerous.

Kindly.
Comments
Gbenbam 29-Oct-15 13:56pm    
Thanks a lot. I appreciate this.
phil.o 29-Oct-15 14:01pm    
You're welcome :)
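
The layering described in the solution, as an added example that is not part of the original thread: the client sends only a user, a token and an operation name, while the SQL and the database connection stay on the server. Python, the in-memory sqlite3 database, the token values and the names `handle_request` and `OPERATIONS` are all assumptions made for illustration; in deployment this handler would sit behind an HTTPS endpoint.

```python
import hmac
import sqlite3

# Constructed sample data: an in-memory sqlite3 database stands in for the
# remote database. The connection (and, for a real DBMS, its password) exists
# only in this server-side process, never inside the desktop or mobile client.
_db = sqlite3.connect(":memory:", check_same_thread=False)
_db.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, owner TEXT, item TEXT)")
_db.executemany(
    "INSERT INTO orders (owner, item) VALUES (?, ?)",
    [("alice", "keyboard"), ("bob", "monitor"), ("alice", "mouse")],
)

# Constructed per-user API tokens; a real service would issue these at login.
API_TOKENS = {"alice": "tok-alice-1f3a", "bob": "tok-bob-9c2e"}

# The service exposes named operations only; clients never send SQL text.
OPERATIONS = {
    "list_orders": "SELECT id, item FROM orders WHERE owner = ? ORDER BY id",
}


def authenticate(user, token):
    """Constant-time token check so timing does not leak partial matches."""
    expected = API_TOKENS.get(user)
    if expected is None:
        return False
    return hmac.compare_digest(expected.encode(), token.encode())


def handle_request(user, token, operation):
    """Return (status, body) the way an HTTPS endpoint handler would."""
    if not authenticate(user, token):
        return 401, {"error": "invalid credentials"}
    sql = OPERATIONS.get(operation)
    if sql is None:
        return 400, {"error": "unknown operation"}
    # The owner filter comes from the authenticated identity, bound as a
    # parameter, so one user cannot request another user's rows.
    rows = _db.execute(sql, (user,)).fetchall()
    return 200, {"orders": [{"id": r[0], "item": r[1]} for r in rows]}


if __name__ == "__main__":
    print(handle_request("alice", "tok-alice-1f3a", "list_orders"))
    print(handle_request("bob", "tok-alice-1f3a", "list_orders"))
    print(handle_request("bob", "tok-bob-9c2e", "SELECT * FROM orders"))
```
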

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)