Xamarin 表单 (Visual Studio 2017) Android.在应用程序中存储 SQL Server 数据库凭据有多安全?

我已经
1. 谷歌搜索
2. 在 stackoverflow
上3.我的帖子给我的一些建议,不要使用从App到SQL Server的直接连接自由文本语句,而不是使用大多数推荐的REST API服务.

I have already
1. Searched on google
2. Here on stackoverflow
3. Some recommendations for me on my posts, that not to use direct connections free text statements from App to SQL Server, rather than to use mostly recommended REST API services.

概述
我发现在 Xamarin Forms 开发中 SQL Server 连接非常流畅.我的主要项目是基于 web 的 asp.net c# 和基于桌面的 vb.net,它们使用相同的托管 MS SQL Server 2012 Express(虚拟专用服务器而不是共享服务器)数据库.

Overview
I find SQL Server connection very smooth in Xamarin Forms development. My major projects are web based asp.net c# and desktop based vb.net which use same Hosted MS SQL Server 2012 Express (Virtual Private Server and not shared server) Database.

在桌面中,我们可以选择对 app.Config 文件进行加密,我们可以在其中存储数据库连接安全凭据.
在基于 Web 中,我们有 web.config 文件,我们说它以安全的方式将凭据放在那里.
(如有错误请指正)
坦率地说,我在初始阶段尝试过 REST API 服务,包括 Microsoft Azure,但它看起来非常复杂,或者在方法或薪酬结构上对我来说有一些或其他限制.(或者说我现在在 c# 常规语句中完全灵活).由于我拥有自己的托管服务器,我不想再选择其他任何服务器.

In Desktop we have option such encrypting the app.Config file where we can store the database connection secure credentials.
In Web-based we have web.config file where we say its secured way to put credentials there.
(If wrong please correct me)
Frankly I tried at initial stage REST API Services including Microsoft Azure but it looks very complex or some or other limitations for me in approach or pay strucure. (Or say may be I totally am now flexible in c# regular statements). As I am having own Hosting Server I don't want to choose again any other.

终于到了我的查询
现在我将所有安全凭据存储在 .cs 中的 Xamarin Forms Class 文件夹中.

Finally to my query
Now I store in Xamarin Forms Class folder in .cs all secure credentials.

/------------------------------------------
//Connection String
//------------------------------------------
public static string appNutri_connection_string = @"data source=<IP ADDRESS>;initial catalog=<Database_Name>;user id=<user_name>;password=<pass_word>;Connect Timeout=600"

我在整个项目中使用这个 appNutri_connection_string 进行连接.
此外,当我们编译包时,我们会选择在分发前首先输入密码.
不仅如此,在我们将其上传到 Google Play 之前,它还会重新检查哈希密钥凭据和相应的包名称,然后仅发布 apk.

And I use this appNutri_connection_string throughout project for connections.
Also when we compile the Package we are opted first to enter password before distribution.
Not only that before we upload it on Google Play, it rechecks Hash Key credentials respective package name, then only it publish the apk.

所以请让我知道 APK 在 .cs 文件中存储凭据是多么不安全.其次,最重要的是有没有其他解决方案来加密凭证文件?这样我就不需要打破我在所有平台上如此平稳的趋势.

So please let me know how is not safe for APK to store credentials in .cs file. Secondly , most important is there any other solution to encrypt the credentials file? So that I do not need to break my so smooth trend going on all platforms.

这对我来说是一个非常关键的阶段,因为我仍处于产品实时实施的初始阶段.所以不想走得更远,有任何漏洞或错误的看法.数据(尤其是客户)安全和隐私是我的主要任务.任何时候都不能妥协.所以请建议我完成这项任务的最佳方式.

(再次可能是一个可能重复的问题,但坦率地说,我没有找到详细的解释或信息,也没有在此处或任何谷歌搜索中找到)

推荐答案

由于您正处于产品生命周期的初始阶段,请更改您的架构!永远不要,神经直接从外部连接到敏感数据库 - 在公共客户端和您的数据库之间至少放置一个前端层(例如 API).

As you are in very initial stage of your product lifetime, PLEASE CHANGE YOUR ARCHITECTURE! Never, nerver connect directly to a sensitive database from outside - put at least a front-end layer (eg. API) between public clients and your database.

相关文章