I have a central SQL server which can be INSERTED INTO and SELECTED from via PHP. However I have built a Java application which I hope to be able to Insert and select stuff in the SQL table with that I have hosted on a web server.
How would I go about doing this? I don't really want to have the root password with JDBC in the source code as even if it is obfuscating it can easily be deobfuscated and then the user has direct access to the database.
Someone said to me that I should use an API but I don't see how I will be able to interact with the database by doing this.
解决方案
If you already have a PHP application running server side that handles database interaction; I recommend letting that handle if for you.
Write an API in PHP that handles all of the database interactions and send requests to that API from your java application. (I'd probably have the users create an authorization token to pass along to the API as well so you can track who is using your API and limit access).
Your application can then send HTTP(s) POST/GET/etc requests to your PHP that will then handle the database interactions and return the results. Your database username and password will be kept on your server and your application will not need to know them.
If you don't want to rely on a backend service and want your client application to interact directly with the database... You'll probably have to include a username and password in the code. BUT I'd create a separate user in the database with limited accessibility that could be removed anytime you suspect abuse.
619
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
