I just started on a new Electron project that needs to access a database, e.g. SQLite. The database will be on a shared drive that should be accessed by the Electron app.
To do that, I need to provide the path as well as the password for the database to the Electron app. Since it's desktop application, I deliver the whole application incl. the database credentials to the user.
From my point of view, this is not a good approach from a security perpective.
So the question is, where do I store these details, especially the credentials?
The same issue applies if I use e.g. another database like MySQL. There, I also need to store the host and the credentials.
Related
Basically there are some shared Excel files on my corporation's Sharepoint and I need local copies of It for data analysis. I am able to manually download all I need, but I need to automate this work somehow.
I'm writing this post because of issues regarding two aspects of this problem:
Microsoft Licenses: as I'm using a personal account on a corporation domain (for my work), so Microsoft won't let me setup gateways on Power Automate. I was able to create a Power Automate Flow that does exactly what I need, but my end point is messed up (can't connect to my local machine so I can create the file I need with the data from Sharepoint). I cannot acess these files with other account.
Two-factor authentication: I'm unable to use APIs with Sharepoint apparently because of this, and the authentication is something that I cannot disable due to my corporation's policies.
Any workaround is viable? I need some new ideas.
You could use PnP.PowerShell to automate this task.
For authentication issue just register an app on the target site collection and grant is access. Then use this app credentials to connect to the SharePoint site and download the files.
Reference -
To create a new app - https://learn.microsoft.com/en-us/sharepoint/dev/sp-add-ins/register-sharepoint-add-ins#to-register-by-using-appregnewaspx
Grant access to this app - https://learn.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azureacs#setting-up-an-app-only-principal-with-tenant-permissions
Use this app to authenticate - https://pnp.github.io/powershell/cmdlets/Connect-PnPOnline.html#example-3
I'm fairly new at building Electron apps and I've seen a lot of examples where Electron app connects directly to a remote database (MySQL in my case) so I started wondering what the problems might be with doing it that way. My first thought was to have a remote API (built on top of Express) which would communicate with the database and Electron app (React) would just utilize that API.
Any advice? Thoughts?
Thanks.
A problem with directly connecting to the database is you have to embed the database credentials in the electron app which makes them available to anyone who wants to snoop through the code. In addition, once the credentials are exposed, you lose control over what anyone can do to your database.
This is why you would usually give the user their own credentials, have the user authenticate to a web server and then have the web server be the only one who can directly talk to the remote database. You can then completely control what happens to the database since your web server is the intermediary and the only one that actually talks to the database.
This doesn't mean that there aren't some circumstances where you might want the client to talk directly to the database as it really depends upon what you're doing, what the data is and what the risk exposure is for allowing untrusted code to directly manipulate the data in the database.
Remember, you cannot protect credentials embedded in a client. They can be discovered by the client and used for other things.
How can i distibute an AIR application attached with MySQL database. I actually want, that the user should not be bothered with setting up the database ( the way it needs to be done, when installing a web application like wordpress etc, that communicates with database).
Also cannot use JSON or XML, as the data is confidential.
Can sqlite or mongo be a better option ?
Vishwas
We have a app which works offline as the data is stored locally using local storage and HTML5 offline capabilities.
We want a way to authenticate the user when the user tries to launch the app offline (from a security purpose if ipad gets stolen).
We already have the authentication mechanism when the user tries to access the app while online
Crudely, you can use the person's password as the local storage database name. No password, no database access.
One solution is to save the last successful online login into some local storage. Now when user is in offline-mode then compare with the value stored in Local Storage.
Following is the sample snippet for Local Storage in HTML 5 :
if (window.localStorage.getItem('value')) {
dummy = window.localStorage.getItem('value');
}
Hope this might solve the problem.
I have IIS7.5 with two websites, and I have an Access database on a server on our network.
The first website has anonymous auth on, using a specific network account (lets say 'jim.smith').
The second website has windows auth on.
I've written some ASP to use a DSN-Less connection to the Access database, and I'm using the same code in both websites.
When logged on to a computer with the same network account as is in use with the first website anonymous setting ('jim.smith') - when viewing in a browser, the first website has access to the database, the second website does not.
The error message is: 80004005 The Microsoft Jet database engine cannot open the file '...'. It is already opened exclusively by another user, or you need permission to view its data.
It is definitely not opened by another user.
So the first website is being accessed by network user 'jim.smith' via the anonymous setting.
The second website is being accessed by network user 'jim.smith' via windows auth.
Why would access to the database work from website one, and not website two..?
Does anyone know how to make windows auth work the same as the anonymous setting so I have access to the database from website two..?
Cheers!
Steve
Edit: Everyone has full rights to the folder where the database sits.
Seems to me that you need to enable impersonation so that the incoming user is used to acces the database. Otherwise the user of the application pool is used and this usually doesn't even have right on the server itself ( Application Pool Identity)
When using 'Integrated Pipeline' on IIS on the server, and if your application does not rely on impersonating the requesting user in the 'BeginRequest' and 'AuthenticateRequest' stages (the only stages where impersonation is not possible in Integrated mode), but still requires Impersonation in other areas of the application, ignore this error (500 - Internal Server Error) by adding the following to your application’s web.config
<system.webServer>
<validation validateIntegratedModeConfiguration="false"/>
</system.webServer>
See:
http://allen-conway-dotnet.blogspot.com/2010/11/how-to-use-impersonation-in-aspnet.html