mysql隐藏密码_如何从使用该程序的人隐藏MySQL数据库的密码

bd96500e110b49cbb3cd949968f18be7.png

I created a java program with JDBC that successfully connects to my computer server's MySQL database like this:

try

{

// The newInstance() call is a work around for some

// broken Java implementations

Class.forName("com.mysql.jdbc.Driver").newInstance();

}

catch (Exception ex)

{

// handle the error

}

try

{

conn = DriverManager.getConnection(("jdbc:mysql://191.168.1.15:3306/databasename"), "username", "password");

// Do something with the Connection

}

catch (SQLException ex)

{

// handle any errors

System.out.println("SQLException: " + ex.getMessage());

System.out.println("SQLState: " + ex.getSQLState());

System.out.println("VendorError: " + ex.getErrorCode());

}

However, if someone who wanted to figure out the password, it would be very simple with any java decompiler. How would I be able to prevent them from finding the password, or username even, for that matter?

解决方案

When you give your users direct access to your database, then you have to remember that you have given them direct access to your database. You cannot change that. No amount of encryption or obfuscation can take that away that they have access to your database.

So you need to consider, do you really want them to have access to your database?

If you do want to give database access, make sure the permissions are set correctly. For example, if they only need read access, make sure that the user you have given them only has read access.

If you don't actually want them to access the database directly but you want them to have access to the data then don't put the database password in your program at all. You might for example want to set up a web service in front of your database and have your users query the web service. The web service would have the database password, but your users would not.

  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值