I have already done web application with access to MySQL database via PHP and I know that the configuration files for access to the database are on the server side, only the necessary data is returned to the user's browser, user does not have access to such data.
If I make a client desktop application for database access remotely, is it possible for someone to reverse engineer the database password through the connectionString? If so, how should I proceed?
Do not connect the client application directly to the database service, because if your application code contains usernames and passwords, your database will be at risk.
I'll give you some suggestions so that, depending on the architecture of your system, you can see if that can solve your situation.
1- Requests and responses can be made via webservice, exchanging data in JSON or XML format, for example. When authenticating the user, I suggest assigning a token to it, which can be sent to each query while the session is active, serving as a passkey. Tips for creating your webservices Yii2 (PHP) and Django (python)
2- Firebase can be an interesting solution as it has a real-time database, where you can configure the write and read permissions by the nodes. Spoiler: Documentation is very vast and there are many resources for authentication.
