Hello everyone, I'm developing a NuGet package as a side project. With the package, the user will be able to retrieve data from my MySQL database server by executing a function that contains an SQL query; let's call it `GetStuff()`.

Example of the GetStuff code:

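```csharp
using System;
using MySql.Data.MySqlClient;
using officialAPIFS; // namespace of ConnectionGetter

public class GetStuff : IDisposable {

    public string? name;

    // Close the shared connection that the constructor opened.
    public void Dispose() {
        ConnectionGetter.con.Close();
    }

    public GetStuff() {
        Console.WriteLine("Connecting to Server...");

        ConnectionGetter.con.Open();

        // The query text is a string literal compiled into the assembly.
        string _select = "SELECT stuff FROM information;";
        ConnectionGetter.command = new MySqlCommand(_select, ConnectionGetter.con);

        // Keep the value from the last row returned.
        MySqlDataReader _read = ConnectionGetter.command.ExecuteReader();
        while (_read.Read()) {
            name = _read.GetString(0);
        }
        _read.Close();
    }
}
```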


Example usage:

```csharp
string myUsername = "";
using (GetStuff gs = new GetStuff()) {
    myUsername = gs.name;
}
```


The ConnectionGetter class will retrieve the connection string from App.Config:

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using MySql.Data.MySqlClient;

namespace officialAPIFS {
    public class ConnectionGetter {
        private static string access = System.Configuration.ConfigurationManager.ConnectionStrings["CONNECTIONSETUP"].ConnectionString;
        public static MySqlConnection con = new MySqlConnection(access);
        public static MySqlCommand command;
    }
}
```



And the main problem is that the SQL query is exposed when you're using IntelliSense, and I want to avoid my table, column, or anything else related to the SQL query in the function from getting exposed to the user. Am I doing this wrong? What is a safer way to do this so the user cannot see the SQL query code behind the function?

What I have tried:

I'm completely lost and Google shows irrelevant results.
Updated 3-Mar-23 9:30am
Comments
Maciej Los 3-Mar-23 17:17pm    
If you want to hide your SQL query, I would suggest storing that query in an encrypted file. That file should be part of the NuGet package.
PIEBALDconsult 4-Mar-23 10:35am    
Trying to hide it is generally not worth the effort. Can't the developer simply connect to the database and query the metadata?
I haven't used MySQL for a while, but surely you can define a view which the code would access?
In SQL Server I might use a Table-Valued Function.

Or, simulate your own stored procedure technique by making a table which contains the actual SQL statement and provides an alias?

However, I recommend not bothering.
Dan Sep2022 4-Mar-23 10:38am    
`However, I recommend not bothering` So I don't have to bother hiding the SQL query? If so then why is that? How about the vulnerability?
PIEBALDconsult 4-Mar-23 18:21pm    
There is no vulnerability. Either the person using your code has access to the whole database or he has none. Trying to hide the particular query is useless when he can simply access everything but that.
Maybe you haven't properly described the situation. Or someone hasn't properly explained to you what to "protect", or you misunderstood what was said.
If you want to "protect" your database, about all you can do is put it behind a Web Service or similar. But that's not what I think you are going for.
From what I can tell from your question (unless I misunderstood it), a developer has a copy of your database and a copy of your code, and you are trying to keep him from seeing the SQL, even though they have a copy of the database they can fully explore anyway. If this is not the case, then you need to add detail to your question.
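
The comments above mention defining a view that the code would access. As an added example (not part of the original thread), this is one way to set up the MySQL side so that the account whose credentials ship with the package can read only a view over the `information` table. The database name `appdb`, the view `public_stuff`, the account `pkg_reader`, the `id` and `internal_note` columns and the password are assumptions made for illustration.

```sql
-- Added example. Table `information` and column `stuff` come from the question;
-- every other name here is hypothetical.
CREATE DATABASE IF NOT EXISTS appdb;
USE appdb;

CREATE TABLE IF NOT EXISTS information (
    id            INT AUTO_INCREMENT PRIMARY KEY,
    stuff         VARCHAR(255) NOT NULL,
    internal_note VARCHAR(255)          -- constructed column the package must never return
);

-- The view exposes only the column the package is meant to return.
-- SQL SECURITY DEFINER makes the view run with its creator's rights,
-- so the reading account needs no privilege on the base table.
CREATE OR REPLACE SQL SECURITY DEFINER VIEW public_stuff AS
    SELECT stuff FROM information;

-- Dedicated account for the connection string in App.config.
-- Replace the placeholder password; restrict the host part where possible.
CREATE USER IF NOT EXISTS 'pkg_reader'@'%' IDENTIFIED BY 'CHANGE_ME_placeholder';

-- The only object privilege granted: read access to the view.
-- No grant on appdb.information, and no SHOW VIEW on the view.
GRANT SELECT ON appdb.public_stuff TO 'pkg_reader'@'%';

-- Check what the account can actually do before shipping the package.
SHOW GRANTS FOR 'pkg_reader'@'%';

-- Connected as pkg_reader:
--   SELECT stuff FROM public_stuff;   -- allowed by the grant above
--   SELECT * FROM information;        -- rejected, no privilege on the base table
```

The package would then run `SELECT stuff FROM public_stuff;` instead of querying the table directly, so anyone who recovers the query or the credentials from the package is limited to what this account is granted.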

1 solution

Maybe you can encrypt the connection string as shown in this example:
Encryption Decryption Connection String for the App.Config File
 
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


