Results 1 to 5 of 5

Thread: Secure way to connect to MySQL database

  1. #1
    Join Date
    Apr 2014
    Posts
    116
    Thanks
    8
    Qt products
    Qt5
    Platforms
    MacOS X

    Default Secure way to connect to MySQL database

    Hi there,

    In the next release of my app I would like to use an existing MySQL DB to get and modify data. What is the right way to do that so that the DB username and password as well as the username and password from the user using the app is not exposed?
    I've been reading a bit about connection to a MySQL DB but most post were quite old and stated that it is a bit bumpy to connect with SSL. Is there an up to date example on how to do this?
    Is it a security risk to hard code the DB username and password into the code?

    Thanks!

  2. #2
    Join Date
    Mar 2009
    Location
    Brisbane, Australia
    Posts
    7,677
    Thanks
    13
    Thanked 1,596 Times in 1,524 Posts
    Qt products
    Qt4 Qt5
    Platforms
    Unix/X11 Windows
    Wiki edits
    17

    Default Re: Secure way to connect to MySQL database

    You should be able to configure for an SSL connection to MySql with
    Qt Code:
    1. QSqlDatabase::setConnectionOption("CLIENT_SSL=1");
    To copy to clipboard, switch view to plain text mode 
    Your Mysql client must have been built for SSL and your server must be configured to accept or require SSL. This will protect user name and password in transit over the network.

    Yes it is a risk to embed a database user name and password in your executable. You can obscure it but you must assume it is available to a determined attacker.

  3. #3
    Join Date
    Apr 2014
    Posts
    116
    Thanks
    8
    Qt products
    Qt5
    Platforms
    MacOS X

    Default Re: Secure way to connect to MySQL database

    Hi Chris,

    here it says that QSqlDatabase::setConnectionOption("CLIENT_SSL=1"); is not doing the trick. Was this hack included?

    If hardcoding the login information for the DB is a possible vulnerability, what would be a secure way to communicate with the DB? Would it be better to talk to a php script via an URL with the users username, password (for login) and the request to get an XML file back?

    Best

  4. #4
    Join Date
    Mar 2008
    Location
    Kraków, Poland
    Posts
    1,521
    Thanked 278 Times in 273 Posts
    Qt products
    Qt4
    Platforms
    Unix/X11 Windows

    Default Re: Secure way to connect to MySQL database

    Hardcoding connection parameters in code is not good. You can't easily change this parameters.
    Save connection parameters (address, login, password) in encrypted ini file.

  5. #5
    Join Date
    Mar 2009
    Location
    Brisbane, Australia
    Posts
    7,677
    Thanks
    13
    Thanked 1,596 Times in 1,524 Posts
    Qt products
    Qt4 Qt5
    Platforms
    Unix/X11 Windows
    Wiki edits
    17

    Default Re: Secure way to connect to MySQL database

    No "hack" should be required to get SSL to work if the server is issuing a valid certificate signed by a CA the client side OpenSSL library is aware of. If the server is using a self-signed certificate then that certificate must be manually installed where the SSL library will find it (or try QSslConfiguration, I am not sure if this has global effects)

    Sending a client certificate is a whole different problem. It is not worth the effort... It does not make the connection more secure.

Similar Threads

  1. How to Connect to MySQL database
    By johnL in forum Newbie
    Replies: 12
    Last Post: 16th May 2015, 17:43
  2. Replies: 5
    Last Post: 27th January 2014, 23:22
  3. Function to connect to a MySQL database
    By graciano in forum Qt Programming
    Replies: 0
    Last Post: 14th December 2013, 17:36
  4. Cannot connect to mysql database
    By phapha in forum Newbie
    Replies: 3
    Last Post: 27th October 2011, 15:58
  5. Mysql unknown database, QMYSQL unable to connect
    By lixo1 in forum Qt Programming
    Replies: 3
    Last Post: 14th July 2010, 22:39

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Digia, Qt and their respective logos are trademarks of Digia Plc in Finland and/or other countries worldwide.