
SQLAnywhere 17 - Stop direct access to database


We are trying to secure a SQL Anywhere (v17) database used by our application.

Ideally we want all access to the database to be through our application only. Currently it's quite easy to discover the username/password used by our application's ODBC connection to the database.

What options do we have to further secure our database and stop any connections that don't originate from our application?

We have considered using the login_procedure option to write logic to only accept connections from our application's full path / filename taken from AppInfo, and applying this to all connections. The general idea stems from this post.

Would this be enough, or is there some way this could be bypassed? (without our users renaming their application and moving it into the approved path - we aren't concerned about this scenario as it is unlikely given how heavily used our application is).

Are there better solutions to locking down the database, given that our application is currently dependent on one username/password which has access to most tables? (We understand this itself isn't ideal - but changing it would require a lot of redevelopment)

We would appreciate any insights.


Hello, this is Gulshan Negi.

Well, in order to prevent unauthorized access, multiple layers of security measures must be implemented when securing a SQL Anywhere database that is utilized by an application. This can incorporate application-level security utilizing the login_procedure choice, encryption and confirmation components, client level security, normal observing and evaluating, keeping your information base and application cutting-edge, and following the guideline of least honor. It is essential to evaluate and put into place appropriate security measures that are tailored to your particular environment and requirements. If you require assistance, you should seek the assistance of knowledgeable database administrators or security experts.

Thanks
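
The login_procedure check described in the question and mentioned in the answer, sketched as an added example (not code from the thread or from SAP). The procedure name, the `approved_clients` table and the sample path are assumptions. AppInfo is reported by the connecting client, so this filters out casual use of generic ODBC tools but does not authenticate the application; treat it as one layer alongside least-privilege grants and auditing.

```sql
-- Allow-list of client executables (assumed table; the path is a constructed sample).
CREATE TABLE DBA.approved_clients (
    exe_path VARCHAR(260) NOT NULL PRIMARY KEY
);
INSERT INTO DBA.approved_clients
VALUES ( 'C:\\Program Files\\ExampleApp\\exampleapp.exe' );

-- Login procedure (assumed name): reject the connection unless the EXE entry
-- in AppInfo matches an approved path, then apply the normal login settings.
CREATE OR REPLACE PROCEDURE DBA.sp_app_login_check()
BEGIN
    DECLARE INVALID_LOGON EXCEPTION FOR SQLSTATE '28000';
    DECLARE client_exe LONG VARCHAR;

    -- AppInfo is a semicolon-separated KEY=VALUE list; pick the EXE entry.
    SELECT FIRST SUBSTRING( row_value, 5 )
      INTO client_exe
      FROM sa_split_list( CONNECTION_PROPERTY( 'AppInfo' ), ';' )
     WHERE row_value LIKE 'EXE=%'
     ORDER BY line_num;

    -- Fail closed: a missing EXE entry is treated the same as an unknown one.
    IF client_exe IS NULL
       OR NOT EXISTS ( SELECT 1
                         FROM DBA.approved_clients
                        WHERE LOWER( exe_path ) = LOWER( client_exe ) ) THEN
        -- Leave a trace in the server messages for later review.
        MESSAGE 'Login rejected for user ' || CURRENT USER
             || ', AppInfo: ' || COALESCE( CONNECTION_PROPERTY( 'AppInfo' ), '(none)' )
             TYPE WARNING TO CONSOLE;
        SIGNAL INVALID_LOGON;
    END IF;

    -- Keep the default login behaviour for accepted connections.
    CALL dbo.sp_login_environment();
END;

GRANT EXECUTE ON DBA.sp_app_login_check TO PUBLIC;
SET OPTION PUBLIC.login_procedure = 'DBA.sp_app_login_check';
```

Test this on a copy of the database first and keep an administrative connection open while enabling it, since the setting above applies to every new connection.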