Database Security

How are the login credentials to a remote SQL Server database connection secured? This is a deployment to a Windows web host which includes a SQL Server.
Thank you

Environment variables can be used to store login credentials to the remote SQL Server. The information on how to setup and use Environment variables is available here:

This is very useful, thanks. But how are these environment variables secured from the user of the web app? Also, what files are these stored in–I would want to ignore them in a git repo?

The ENV variables are saved in the config.json files. These files are available under app->config->config.json and in the hidden folder wappler for each target.

These files stay on the server where the web app is deployed. So, when web app is deployed on the Windows Server, the files will be saved in the folder that would have been created on the C: under intetpub->wwwroot->websites->web-app.

The git repo can be marked as private. Then you can authorise users who have access to this repository.

Wappler doesn’t make it easy to do what you want to do - it seems they favour convenience over security. I tried shining some light into these issues but they were in vain

Best option you have here is make use of environment variables, and make sure you define those variables in a .env file and gitignore that file instead of relying on Wappler’s UI to define those (as otherwise they’d be stored in a Wappler .json file)

1 Like

Perfect. Thank you, this is the kind of direct answer, with a great alternative, which really helps me.