0

I am currently using Mysql in my electron application, so I started to verify the .asar file when I compiled it, I could see that all the application code is shown, so I think the Mysql connection would be very vulnerable, there is some way to correct this?

Image:

File .asar

Ćarlos Omar
  • 25
  • 4
  • You could request data via web service and require each user to login and authenticate inside your application. Less secure and much simpler solution is to just obfuscate your code. – FCin Dec 29 '17 at 18:20
  • @FCin I don't understand the first solution and about the second solution I had thought about it but just as you are unsafe – Ćarlos Omar Dec 29 '17 at 18:25
  • Basically, there is no secure way to store passwords inside application. If computer can run it, someone can find it. You can only make it more difficult for someone to find it. If you want fully secure connection you can setup web service on a remote server to which you will make requests. This way web service will securely communicate with database and desktop app will only make e.g. http requests to the webservice. Of course I'm talking about a database common for each user. If you only need local database then I don't think you need to hide the credentials. – FCin Dec 29 '17 at 18:28
  • I will try to do something like that to see. – Ćarlos Omar Dec 29 '17 at 18:44

0 Answers0