Password storing strategy

**Lykurg** · 30th June 2009, 13:56

Originally Posted by wysota

How about making a small dedicated application for changing settings which you can protect without touching the main application? Would that help?

That is exactly my plan, but the problem is more theoretical where and how to store the db access data...

I'm not sure what you're after precisely.

Ok, my thought are also still a bit confuse, but the main points are:

I have a MySQL database on a server, of whom I don't know the url, port, user and password at the compilation time of my program.
The program must not ask the user for any detail of the connection. It should be possible to open the program and use it right away.
So the configuration (DB access) of the program must be done by the system operators.

And the point is that I am not sure, which way I should take to provide the configuration mechanism to the administrators and at the end how and where to store the connection data, that the application can read the MySQL login informations.

My real intention to hide the password and user login to the DB is, that only my program should be able to access the database.

I thinks all is pointing to the Fortune Server with an additional SSL, and since I am not very familiar with that I will have some further investigations on that. Thanks for the hint.

Lykurg

**lyuts** · 30th June 2009, 14:39

Sorry if I'm saying the same (I think I'm not).

Solution 1:
We have a server "A" which has MYSQL on it. We also have a client machine "B" which will have your application installed.

What if just create a server-listener which will live on "A"?

A client on "B" will have a configuration consisting of an IP and Port for the server which has server-listener running.
A server-listener waits for client connections and when it gets one it tells the client the credentials for db and the client on "B" will use them for its further work.

Solution 2:
The client on "B" doesn't need any credentials. What it will do is communicate with the server-listener on "A".
Something like this:
a) client on "B" tries to reach server-listener on "A"
b) server-listener on "A" gets this connection and creates an instance of server-worker for client
c) further work looks like this - client communicates with this server and depending on commands the server runs some db queries and returns the result to client.

Sort of thin client.

**wysota** · 30th June 2009, 15:09

Originally Posted by Lykurg

My real intention to hide the password and user login to the DB is, that only my program should be able to access the database.

So maybe it's easier to perform server-side certificate verification of the SSL connection between the client the MySQL server? I'm sure you can configure MySQL for that and it should be transparent to Qt.

**Lykurg** · 1st July 2009, 18:53

Originally Posted by lyuts

b) server-listener on "A" gets this connection and creates an instance of server-worker for client

That's a nice thought. I will think about it!

Originally Posted by wysota

So maybe it's easier to perform server-side certificate verification of the SSL connection between the client the MySQL server? I'm sure you can configure MySQL for that and it should be transparent to Qt.

Ok this is probably the safest variant, but as said I need to read more about the SSL stuff and how to certificate only one single application etc. But at least I know now what to do the next weekends