Solved How to save MySQL SSL certs in QRC file
-
Hi, I'd like to port an app that currently works perfectly on Linux to other platforms (hopefuly Android and IOS) but I'm stuck right at the beginning.
Right now it works by connecting to a MySQL server on the Internet, so it uses SSL certs through:
db.setConnectOptions(SSL_KEY=client-key.pem;SSL_CERT=client-cert.pem;SSL_CA=ca-cert.pem;")
I'd like to bundle the certificates in a QRC file, but then, how can I pass the path to the MySQL connection? I've tried with ":/ca-cert.pem" as a path and didn't work. Is there any way to acomplish this?
-
Hi!
how can I pass the path to the MySQL connection? I've tried with ":/ca-cert.pem" [...]
You can't. ":/filename" is only useful to Qt internals, but in this case the string will be handed over to the respective SQL driver and that neither does understand the syntax nor does it have access to ressources baked into your executable.
-
Yeah... that's what I thought (after trying).
I've been thinking about using the QTemporaryFile class, that way I would keep the certificates in the QRC file, "export" them to some temporary files, pass the path to the MySQL driver and deleting the files afterwards.
I don't like it from the security perspective (not that I have any vital information, just being geeky about it), but also... is there really no easier way? Would that still work on IOS/Android?
-
@Melsion Having the certificates inside your executable as resource isn't really more secure than copying them to a temp directory as everyone can just inspect your executable and find the certificates there.
It should work on iOS/Android but I'm wondering why you would access MySQL databases directly from iOS/Android? -
It's my first Qt application, it's a POS (with some inventory capabilities), it reads tables from the database and stores the necessary data in it. I have the SQL server on a Raspberry Pi so I can access the database from other computers.
Right now it's written in QtWidgets but I'm rewriting the interface to QML hoping to port it to iOS/Android and extend it's capabilities.
Any advice on better ways to connect to the data would be greatly appreciated!
-
@Melsion Usually you provide some interface (for example REST) to access databases. Exposing database connections to intranet/internet is dangerous.
-
Are they so dangerous even if only allowing connections with SSL certs? I've read about REST and I can't see how html requests can be safer (forgive my ignorance, I'm just trying to learn)...
-
Hi,
Because you don't expose your database to the whole internet by using Qt.