Im working in c#, I'm using mysql .net connector to interact with a remote mysql db. Is it safe to include the connection string inside the code and work with the db directly through the command object or should I be posting to a php middle layer to hide the connection string?
Thanks in advance.
In my opinion:
You shouldn't put Your connection string directly in Your C# code if Your application could be decompiled = I mean WinForms application.
If You are working on a Windows application, then try to implement a log-in window. Where user will pass his/her user name and password. This solution needs a mysql user or users for every person that would have access to the system.
If Your are working on a web application, then put You connection string inside web.config file.
If You are working on application with unrestricted access, then I think You should implement some layer... but remember, never pass SQL queries as plain text via network, as someone could sniff it. I would recommend some kind of webservice.
Then the connection string is just stored in the PHP middleware layer, so what's the difference? It has to be stored somewhere.
I would keep it simple and store it in the app.config or web.config of the C# app your writing.
Couple notes about storing it: - Production connection strings should not be stored in version control. - A production configuration file should exist on the production servers with the connection string. - For added security, you can encrypt your connection string (http://msdn.microsoft.com/en-us/library/89211k9b(v=vs.80).aspx)
