Username and Password encryption
Hi everyone,
I have application where in i m connecting to DB at present i m hardcoding username n password to the DB.
But recently i read abt JCE for encrpyting secure data i tired to implement it n it works fine but again the data tht has to b encrypted is present in the code....then i read abt storing secure data into a file n then giving file permission only to access by the particular application..i dont have much idea abt how to go abt..
can any1 help me how can i implement in my application so tht i dont have to hardcode usename n password...
waiting for reply soon........
thank you.
# 1
Wherever you store it, you will have to secure it, which just gives you another key or password you have to store somewhere, and secure it, which gives you another key or password, ...
Actually the code is probably one of the more secure places you can put it. Unless the DBA is going to change the password some time ...
ejpa at 2007-7-13 0:25:35 >
# 2
Thanks ejb...
But can u explain me in detail........
now i store my username n password into a file and also i store key value in a file.....
n then access them using cryptography method.....
but can u explain me your statement
"Wherever you store it, you will have to secure it, which just gives you another key or password you have to store somewhere, and secure it, which gives you another key or password, ..."
Thanks a lot
# 3
If you put the key into a file, you will want to encrypt it, otherwise you may as well not encrypt the original data. So you will have to put the second encryption key somewhere. So you will want to encrypt that. So you will then have a third encryption key to put somewhere secure. This problem goes on forever.
ejpa at 2007-7-13 0:25:36 >
