Hello all.
I'm building a web applet that will administer a database. Currently my mysql connection values are in plain sight and easy to grab from the .jar file by anyone wise enough to go looking for them.
I would like your advice on how to hide them or encrypt them so they aren't easily viewable by simply opening up the .class files in notepad.
thanks in advance for any feedback and/or link!
If I understand your question correctly, you are looking for something generally called obfuscation rather than encryption, although encryption techniques are often used in service of obfuscation.
Google on "java obfuscator" or "java obfuscation" or "byte code obfuscation", etc.
I'm not so certain this will work, ghstark. What vesper8 is asking is to hide the connection parameters, which are specified as a string parameter. While I am familiar with the concept of obfuscators, can obfuscators obfuscate even string parameters in the code?
Vesper8, if you're truly interested in securing the JDBC connection params, you might want to rethink your architecture. Either have the applet communicate with a servlet and then have the servlet communicate with the database, or instead of using an applet, use JSP webpages (which will eliminate the need to download applet class files containing the passwords to your database) that communicate to the servlet, which communicate with the DB.
In either case, you can store the DB connection parameters on the server, and secure the server, thus ensuring that the user's using your GUI will not be able to get the DB connection values.
thank you for your reply arshad.noor, I've been talking about this some more and yes I've decided to go with the servlet route. However servlets look pretty complicated and so it may take me a while to figure that part out.
In the meantime.. I was thinking I could make my applet request the mysql connection values from a php function. This should effectively hide the values and should be easy enough to set up I would think.
Later, I would like to make all my SQL querries be run from the servlet so that I wouldn't have to give wildflag access to my DB.
But.. do you know if the servlet would be capable of returning resultsets to the applet ? If so then it looks like this will work.