Home.... | log in.... | Pub my question! | Sign-up....
Java-index >> Database Connectivity >> Java Database Connectivity (JDBC)

Encrypt JDBC connection string

Hi,

I've read many posts on password encryption, but all are regarding to the user password encryption;

but I think the first is to encrypt the database connection string.

So, I want to know if it is possible to encrypt the JDBC connection string, in order to avoid anyone can access my DB.

I use this string in my program code:

Class.forName("com.mysql.jdbc.Driver").newInstance();

con =

DriverManager.getConnection("jdbc:mysql://localhost/my_db_name","my_user_name","my_password");

The problem is, if anyone decompile class files of my app,

he can read user and pass, and easily access to DB.

I could store user and pass in a file, but I always need to encrypt them.

Is it possible to encrypt database connection user and pass?

Thank you in advance.

MargNat

Message was edited by:

MargNat

[990 byte] By [MargNata] at [2007-11-26 18:55:39]
«« Question regarding Applet and JVM
»» How to open a new frame from an existing frame?
# 1
> Is it possible to encrypt database connection user> and pass?> You can encrypt anything you like in your code BUT if you decrypt it in your code then so can any Joe Hacker.
sabre150a at 2007-7-9 20:34:03 > top of Java-index,Database Connectivity,Java Database Connectivity (JDBC)...
# 2
you could change your program to display InputDialog (use JOPtionpane or your own class, use JPasswordField ) to ask user to giving userid and his/her password
p_epia at 2007-7-9 20:34:03 > top of Java-index,Database Connectivity,Java Database Connectivity (JDBC)...
# 3

>you could change your program to display InputDialog (use JOPtionpane or >your own class, use JPasswordField ) to ask user to giving userid and his/her >password

I already do this, and I have also user name and password encrypted in my DB;

What I want to encrypt is the username and password i use to access mysql database, that I've placed in my code.

Unfortunately, is very simple to decrypt java bytecode (instead of assembler).

So, someone, simply, can decompile it, take my username and password, access to db, and delete all tables or anything like this.

I only want to know if ther is any alternative solution in that sense, I can use, instead of placing user and pass in my code.

Thank you again

MargNat.

MargNata at 2007-7-9 20:34:03 > top of Java-index,Database Connectivity,Java Database Connectivity (JDBC)...
# 4
I, too, am looking for a workable solution to this issue.Can anyone provide some suggestions for hiding database connection strings, usernames and passwords. This would be for a Java application deployed via JWS.
mapernaa at 2007-7-9 20:34:03 > top of Java-index,Database Connectivity,Java Database Connectivity (JDBC)...
# 5

> I, too, am looking for a workable solution to this

> issue.

>

> Can anyone provide some suggestions for hiding

> database connection strings, usernames and passwords.

> This would be for a Java application deployed via

> JWS.

Yes the answer is the same that it always is.

You need to not connect to the database from the applet, or webstart etc. Instead connect from their to a another tier under your exclusive control (for example a Servlet) and have the connection code there.

There is no other real solution for this and this is why by and large that JDBC code in applets is discouraged.

cotton.ma at 2007-7-9 20:34:03 > top of Java-index,Database Connectivity,Java Database Connectivity (JDBC)...
Java Database Connectivity (JDBC)

Database Connectivity New Topic

Database Connectivity Hot Topic

Database Connectivity

All Classified