Direct access to MySQL on mobile
Bob Sneidar
bobsneidar at iotecdigital.com
Wed Jul 2 17:41:01 EDT 2025
I store the credentials in an encrypted format, and the encryption library that contains the key is a different file and is itself password protected. Only I know the. keys and passwords. That probably isn’t even enough for a lot of people who would still not recommend this, but frankly I do not think I should have to set up a web server just so I can secure passwords. Perhaps we sould have had a special password variable that was self encrypting using an unknown key.
Bob S
On Jul 2, 2025, at 9:10 AM, panagiotis merakos via use-livecode <use-livecode at lists.runrev.com> wrote:
Hello all,
Off-topic (or maybe not) - it is not suggested to access the MySQL database
directly from the client app, either it is a Desktop app or a mobile one.
Accessing the DB directly means the credentials are stored in the app, so
theoretically a malicious actor could extract those from the app.
The recommended approach is to have the client app talk with the DB via a
LC Server .lc script, which will handle all the confidential info. So the
credentials will never leave the server. The flow is the following:
The client app talks to the server -> the server connects to the DB and
does the SQL query -> the DB returns the result to the server -> the server
returns the result back to the app.
Hope this helps.
Kind regards,
Panos
More information about the use-livecode
mailing list