java 加密数据库密码,Java播放加密数据库密码

在开发Java Play应用程序时,不应在application.conf文件中明文存储数据库密码。为确保服务器安全,建议将敏感信息如密码存储在不被版本控制系统跟踪的外部文件中,例如创建一个名为secure.conf的文件,并将其添加到.gitignore,以此来保护密码不被泄露。
摘要由CSDN通过智能技术生成

I'm developing a Java Play application and I'm storing the Database password in plain text inside the application.conf file.

db.default.url="jdbc:oracle:thin:@HOST:PORT/SID"

db.default.user=USER

db.default.pass=PW

Now i want to store it as an encrypted password.

While searching for a solution I saw many articals about implementing a plugin. Following is an solution I came across.

In that example, play.PlayPlugin is used but when I try it, I get an package not found error. Do I need to insert an external jar file or is it because of a version problem. I'm using Java play 1.2

Is there any other way to store password in encrypted format other than a plugin.

解决方案

You shouldn't need to encrypt anything inside your own system. Just make sure your server is secure.

Since you will need to let your application access the password, an attacker who has access to your system would be able to get to your password anyway.

But never ever check your passwords into git (or subversion or whatever)!

Instead what you should do is this:

Add this line to your application.conf:

include "secret.conf"

Create the secure.conf in your conf-folder.And save all your credentials in this file.

Add secure.conf to your .gitignore, so it doesn't go into your Git.

Manually add and update the secure.conf-file on your server.

  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值