I store the credentials in an encrypted format, and the encryption library that contains the key is a different file and is itself password protected. Only I know the. keys and passwords. That probably isn’t even enough for a lot of people who would still not recommend this, but frankly I do not think I should have to set up a web server just so I can secure passwords. Perhaps we sould have had a special password variable that was self encrypting using an unknown key.
Bob S On Jul 2, 2025, at 9:10 AM, panagiotis merakos via use-livecode <use-livecode@lists.runrev.com> wrote: Hello all, Off-topic (or maybe not) - it is not suggested to access the MySQL database directly from the client app, either it is a Desktop app or a mobile one. Accessing the DB directly means the credentials are stored in the app, so theoretically a malicious actor could extract those from the app. The recommended approach is to have the client app talk with the DB via a LC Server .lc script, which will handle all the confidential info. So the credentials will never leave the server. The flow is the following: The client app talks to the server -> the server connects to the DB and does the SQL query -> the DB returns the result to the server -> the server returns the result back to the app. Hope this helps. Kind regards, Panos _______________________________________________ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode