Unsolved Secure way of connecting to database
-
Hello,
I have problems to understand how to connect securely to a database. My software is a client that connects to a remote server on which the database is installed.
For now I was planning connect directly to the database using QtSql object, and using SSL and certificates. However, I don't understand how someone who have access to the executable could not retrieve those certificates and access the database.
Another option would be to create an API on the server side, between the client and the database, but then what is the use of the QtSql classes?If you think I should go for an API implementation, would you have any recommendations of how to implement it (tutorials, framework, etc) ?
Thanks
Thombou -
Hi,
Since you are used to PHP, try the slim framework.
In any case, what languages are you most fluent with ?
[edit] my bad, I may have mixed this with another thread.
-
@SGaist
So first, you think the API is the best way to go?
Otherwise I am indeed used to php (nice guess!) or python
Thanks :)
Thombou -
For python, depending on your needs, the Django REST framework is pretty good.
-
Thanks @SGaist !
Before I start diving into Django (I never used it), I have a few questions. I have heard of Flask also, which apparently is easier to use that Django. What do you think would be the best?
In my client I will ask for username and password for the user, then the API has to check is hose credentials are valid and return a token to the client. Then each time a the client has to interact with the database, the token has to be provided to be sure that the user is authorized to have access to the data. Is that the way I should implement my interactions with the database?In that case, which framework would be the best?
Thanks!
-
Flask is also good. It is a bit lower level than Django. I would say that you should compare the frameworks for user management that operate with Flask to see what would be easier for you to maintain in the long run.