Python desktop application: storing cloud database passwords

I am currently building a Python desktop application in PyQt/PySide which will be compiled to .exe. I am planning to use the Azure SQL database and a remote file storage (like S3).

An issue arises that the application needs passwords (credentials) to access these services and be able to upload files etc. "Hardcoding" them is obviously a wrong solution:

1. the application could be possibly decompiled or the passwords could otherwise be accessed.
2. the application would lose access to the services if the passwords ever changed. I will mostly know the users but I am not planning to restrict resale or installation, nor an automatic update mechanism, which means I will be unable to notify all the potential users if I change something.

I have thought of running a server (web service), like in node.js/express, to which the users would authenticate (there will be a login/accounts functionality in the application) and the service itself would be storing the actual credentials server-side, that is, the desktop client application would never have to access them directly, and the users would only be accessing the server through the client application, not the actual database.

However, I wanted as little overhead as possible, only the client + database - user authentication would be done simply through querying the database directly from the application - without a server.

As I understand it, from reading articles and similar questions on the forum, there is no secure solution outside of running the server - is this a correct conclusion? That is, running a server is inevitable?

Thank you in advance for advice.

Asked by user253138 (3 )
Mar 21, 2021 at 10:48