In Electron, Asar can be unpacked, so users can see the source code. But if the project is using a database, users can see the database password, even if we make a .env file. Is there a way to protect the database password?
Asked
Active
Viewed 65 times
0
-
1Are you sure you don't want to have a separate backend server that will access the database for the users? As far as I know having lots of open connections to the database is not a good option for performance – Maxim Krabov Mar 18 '20 at 17:22
-
@MaximKrabov Thank you. I didn't know that. But What about API key or API token or whatever? – dwsong07 Mar 20 '20 at 16:33
-
If you want to make a request to an external service that needs a token, you can make the request from your backend server. Electron app will make a request your-api-endpoint.com/make-google-request, and your server will do that request and return the response to the electron app. – Maxim Krabov Mar 26 '20 at 14:10