How are secure database connections usually implemented in JAR files?

Question

I\'m not a Java developer, but my client has hired one to update some JAR files on their site. Prior to doing so, we audited the existing code and found a number of security

Answer 1

To put it in plain text is (i think) serious vulnerable. Indeed, one can extract the jar and read what's written in that plain text.

If using a jar is a must, i will recommend to create a class (just a simple class) which contains the username, password, url, etc with final keyword. Even though this method is not really secure, at least a compiled class cannot be easily read. Another advantage (or perhaps disadvantage) is the 'hard-coded' connection properties cannot be easily modified. Even if you have the source code, you still need to re-compile it and re-jar it.