I want to make a project in blazor wasm and make it public, but is it safe to connect to MySql using appsettings.json?

CodePudding user response：

Short answer: It's not safe.

Blazor web assembly is a client application which will run at the client's browser, so all the information could be found at client.

Besides, by default we will not use appsettings.json in the Blazor web assembly application.

The right way should be you should create a web api which connect to your SQL server instead of directly connecting inside the web assembly.

CodePudding user response：

About what appsetting.json are we talking about? I guess it's appsettings.json on Server project while using Hosted solution for Blazor app. (otherwise it would be highly non-standard and unsecured to let your connection string be downloaded to client)

If "make it public" means people will use your webapp, but your source code of Server app is not public - You are technically kind of fine, because appsettings.json doesn't get to client. I would not recommend though.

Your next option can be storing your real connection string within some hosting configuration (tutorial for azure). That way you can even open-sourced your code, because connection string is not there any more.

Best option is probably to store it securely in something like Azure Key Vault.