A theoretically question:
I have a C# Windows Form app, that sends back some user submitted data to an external mySQL server on the internet. How do I prevent people from seeing the username and password for the mySQL server? (Eg. by decompiling the C# exe program).
Best regards
Short answer: you can't - anything that runs on a machine you don't control can be decompiled etc.
Possible option:
You might try an approach with a SSL-secured webservice on server-side which authenticated clients via client-cert (part of SSL standard). That webservice would be accessing the DB on behalf of the clients. you can then secure the connection between webservice and DB network-wise...
Typically you either prompt the user for a credential, or you if the account is public (eg. credentials are insecure, as in your case) you limit what the account is allowed to do.
I would pass the user submitted data to another service which does the actual talking to the database server. That way your connection details can be kept apart from the client.
If you cannot do that then you should create a restricted account for your mySQL database which is used by your client code.
Live with the fact, that everything the client software knows is known to the user.
Set up the smallest possible interface for he client software to use. Instead of exposing a full DB account, use one restricted to some stored procedures only. Or don't access DB directly, but via a (web) service. Then, make sure the service only exposes safe-to-execute methods.
