On Thu, Feb 01, 2007 at 10:24:51 +0900, Paul Lambert <paul.lambert@xxxxxxxxxxxxxxxxxx> wrote: > > If you hide the database username and password within your application > (i.e. encrypted within the source code) so they cannot see the > credentials that you connect to the database with internally then they > have no means by which to connect to it using any other programs. This is not real security. Encrypting the data in the application only works if the application is running on a computer you control. If the "customer" can get their own copy of the client and run it on a computer they control then they can steal or borrow the applications credentials. You want to either run the app on a computer you control or have a contract with the customers prohibiting them from connecting to the database other than by using the app.
