Share on Google+Share on Google+

Clark
How can I protect my database password ?
2 Answer(s)      6 years and 5 months ago
Posted in : JDBC

How can I protect my database password ? I'm writing a client-side java application that will access a database over the internet. I have concerns about the security of the database passwords. The client will have access in one way or another to the class files, where the connection string to the database, including user and password, is stored in as plain text. What can I do to protect my passwords?

Ads

View Answers

November 15, 2010 at 11:49 AM


Hi friends,

This is a very common question. Conclusion: JAD decompiles things easily and obfuscation would not help you. But you'd have the same problem with C/C++ because the connect string would still be visible in the executable.

SSL JDBC network drivers fix the password sniffing problem (in MySQL 4.0), but not the decompile problem. If you have a servlet container on the web server, I would go that route (see other discussion above) then you could at least keep people from reading/destroying your mysql database.

Make sure you use database security to limit that app user to the minimum tables that they need, then at least hackers will not be able to reconfigure your DBMS engine.

Aside from encryption issues over the internet, it seems to me that it is bad practise to embed user ID and password into program code. One could generally see the text even without decompilation in almost any language. This would be appropriate only to a read-only database meant to be open to the world. Normally one would either force the user to enter the information or keep it in a properties file.

Thanks.



November 15, 2010 at 11:49 AM


Hi friends,

This is a very common question. Conclusion: JAD decompiles things easily and obfuscation would not help you. But you'd have the same problem with C/C++ because the connect string would still be visible in the executable.

SSL JDBC network drivers fix the password sniffing problem (in MySQL 4.0), but not the decompile problem. If you have a servlet container on the web server, I would go that route (see other discussion above) then you could at least keep people from reading/destroying your mysql database.

Make sure you use database security to limit that app user to the minimum tables that they need, then at least hackers will not be able to reconfigure your DBMS engine.

Aside from encryption issues over the internet, it seems to me that it is bad practise to embed user ID and password into program code. One could generally see the text even without decompilation in almost any language. This would be appropriate only to a read-only database meant to be open to the world. Normally one would either force the user to enter the information or keep it in a properties file.

Thanks.










Related Tutorials/Questions & Answers:
Tutorials   
Java Spring Hibernate Struts Training how to retrieve text and images from mysql database and show on html page using jsp servlet How to install Neo4j on Ubuntu 15.10? please help me in these prog MYSQL - mysql copy table to another table example by creating new table solution for mapping hibernate and pojos from net beans through database Connect GWT application with Oracle inventory System of Medical Store inventory System of Medical Store inventory System of Medical Store inventory System of Medical Store This code have created jTable that connected with a database.every cell of last column have a button.But this button doesn't work properly.Where is the error java program Java Database Program jdbc Database connection class in a live project ..?? What is JDBC architecture? Unable to Create DSN for excel to ms access importing data and edit that data Database Scrolling Buttons how to use foreign key in java How to delete content of a log file from linux terminal? JSP-Oracle connectivity Student Management System Java code for Saving Marathi (Indian local language ) in Mysql and retrieving the same crud operations with foreign key constraint. I really need help with this assignment question Please help me out Please Backup Failed Mysqldump Got Errno 28 On Write Upgrade MySQL 5.1 to 5.5 in cpanel mysqldump all databases com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: Table 'jpa.sequence' doesn't exist persistence xml class element persistence.xml for MySQL MySQL JDBC Driver pom dependency code Blob column jdk6 and oracle 8i connexion oracle 8i et jdk6 java [ cannot retrive date from sql ] why?? Order Entry System How to threow timeout exception when DB is not responding How to threow timeout exception when DB is not responding This is the employee form to add data to mysql database but I got error of NullPointerException, Is this write code please give me feedback as soon as possible make a method which takes user name & pwd as parameter & validate them against the database. If the corresponding user exist return true otherwise false. prabhakar validating credentials and displaying error message in login .jsp if not valid JDBC jdbc jdbc code register servlet vibhu connectiondetails from vibhu

Ads

 
Advertisement null

Ads