Link to Original Post. (http://www.facepunch.com/showpost.php?p=13636547&postcount=8)

This is kind of worrying. Is there any really easy way of preventing decompilers or a fairly simple way of getting MySQL to connect securely.

I looked into stunnel, installed it onto my server. But I couldn't understand it. :3

He also mentions a PHP script, I could get the password from the php script. But it could easily backfire if a Fiddler (HTTP Sniffer) found out the query I performed to get the data.

Darn.

He means a server side script that connects to the database and contents the password to access the my sql database.
It´s like the login here at the indigorose forum.
The password to access the sql-database is stored in a php script. this php-script opens the database and check if the user and password provided by you is correct. if your user exists in the database an the userpassword is correct the script grants you access.

He means a server side script that connects to the database and contents the password to access the my sql database.
It´s like the login here at the indigorose forum.
The password to access the sql-database is stored in a php script. this php-script opens the database and check if the user and password provided by you is correct. if your user exists in the database an the userpassword is correct the script grants you access.

i think he understands this but how that works and hes right only would have to see what was going in and down to find out a way around it if they new what the app was asking of the php file they could bypass this.

@ Shadow i think people are right there is no True way of stopsing people
from doing this just md5 and encrpit it all or something more of a pain in the arss but gives them more work, end of the day hackers are hackers and
they are good at what they do lol.

i think he understands this but how that works and hes right only would have to see what was going in and down to find out a way around it if they new what the app was asking of the php file they could bypass this.

@ Shadow i think people are right there is no True way of stopsing people
from doing this just md5 and encrpit it all or something more of a pain in the arss but gives them more work, end of the day hackers are hackers and
they are good at what they do lol.

I already use MD5. The point is, This guy has managed to find the database password already. OR at least the hexed version or something.

I already use MD5. The point is, This guy has managed to find the database password already. OR at least the hexed version or something.

Well host a php file that conects to the data base and then if the php and the app are talking with the right info it will send the app the right data but i am not sure how you would do this.:wow

Pre-encrypt the MySql username and password (and db name) and parse it to the php script?

Compare it and get stuff...