发表新帖
发表新帖

How do I avoid having the database password stored in plaintext in sourcecode?

前端 未结
关注
6 1616
情书的邮戳
情书的邮戳 2021-01-01 12:17

In the web-application I\'m developing I currently use a naive solution when connecting to the database:

Connection c = DriverManager.getConnection(\"url\",
6条回答
  • 轻奢々
    轻奢々 (楼主)
    2021-01-01 12:29

    1. Create an O/S user
    2. Put the password in an O/S environment variable for that user
    3. Run the program as that user

    Advantages:

    1. Only root or that user can view that user's O/S environment variables
    2. Survives reboot
    3. You never accidentally check password in to source control
    4. You don't need to worry about screwing up file permissions
    5. You don't need to worry about where you store an encryption key
    6. Works x-platform

    0 讨论(0)
 看不清?
提交回复
热议问题