How do I avoid having the database password stored in plaintext in sourcecode?

Question

In the web-application I\'m developing I currently use a naive solution when connecting to the database:

Connection c = DriverManager.getConnection(\"url\",          


        

Answer 1

Assuming that you are using MS SQL, you can take advantage of windows authentication which requires no ussername/pass anywhere in source code. Otherwise I would have to agree with the other posters recommending app.config + encryption.