I created a java program with JDBC that successfully connects to my computer server's MySQL database like this:
try
{
// The newInstance() call is a work around for some
// broken Java implementations
Class.forName("com.mysql.jdbc.Driver").newInstance();
}
catch (Exception ex)
{
// handle the error
}
try
{
conn = DriverManager.getConnection(("jdbc:mysql://191.168.1.15:3306/databasename"), "username", "password");
// Do something with the Connection
}
catch (SQLException ex)
{
// handle any errors
System.out.println("SQLException: " + ex.getMessage());
System.out.println("SQLState: " + ex.getSQLState());
System.out.println("VendorError: " + ex.getErrorCode());
}
However, if someone who wanted to figure out the password, it would be very simple with any java decompiler. How would I be able to prevent them from finding the password, or username even, for that matter?
解决方案
When you give your users direct access to your database, then you have to remember that you have given them direct access to your database. You cannot change that. No amount of encryption or obfuscation can take that away that they have access to your database.
So you need to consider, do you really want them to have access to your database?
If you do want to give database access, make sure the permissions are set correctly. For example, if they only need read access, make sure that the user you have given them only has read access.
If you don't actually want them to access the database directly but you want them to have access to the data then don't put the database password in your program at all. You might for example want to set up a web service in front of your database and have your users query the web service. The web service would have the database password, but your users would not.
1078
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
