I want to program a Java Applet that connects to my personal MySQL database.
Now my question is: Can somebody e.g. open the class-file(s) from the JAR and look for the password/string? (Of course I would exclude the source files when I generate the JAR.) So is it insecure to put the password (as a plain string) in the code?
If it is insecure, what would you suggest. Obfuscator? No direct connection (e.g. using PHP-scripts)? Other options?
It's in general a bad idea as anyone could as well just sniff the packets sent. You should write a small web service (simple php/asp page) that handles authentication through http get/post and only submits requests you permit (e.g. avoid someone sniffing the username/password and then drop the database or modify it).
Also let the user create his/her own account to submit. If you're talking about some proposed high score functionality, just submit the name, highscore and some kind of checksum (and maybe some token) but there's no 100% secure way to do it.
