I have a Windows VB.NET desktop application using a MySQL server on a remote host. What are the security risks of using an encrypted connection strings section in the configuration file? If it is safe, would you trust it enough to keep the MySQL root password?

The connection strings have `Persist Security Info=False` and its users have only the privileges needed to perform their tasks.

  • One thing you should think about is: what would happen if you needed to change the password and your app is installed on many PCs? – Zoli Szabó Feb 01 '22 at 14:56
  • Are there any other thoughts if changing the password was never a concern? @ZoliSzabó – Michele H. Feb 01 '22 at 15:25
  • Changing the password might not be something planned, but required (e.g. if you get hacked). Also, depending on the type of your app, you might want to periodically change the password. You could have a web service endpoint, which would provide your app with the (encoded) password each time it is run. Finally, you should use a MySQL account (username & password) with the minimum of permissions that works for your app. In no case that should be the root account. – Zoli Szabó Feb 01 '22 at 15:48
  • I have no information regarding the server the MySQL server will be installed on. Does it matter that the usernames/passwords (non-root) for MySQL are only ever used for encrypted connections to the application's MySQL server? Also, root's username (no longer called root) and password are only stored for installing the application. Thank you for your help, I really appreciate you @ZoliSzabó – Michele H. Feb 01 '22 at 16:35

0 Answers