Java Servlet DB用户名和密码存储位置
[英]Java Servlet DB username and password store location
问题描述
I'm totally beginner in servlets. 
我是servlet的初学者。
I know I can set init params in web.xml . 我知道我可以在web.xml设置init params。
My question is : 我的问题是:
Is it good to store DB user and DB password in web.xml for the ease of configuration? 为了便于配置,在web.xml存储数据库用户和数据库密码是否合适?
OR 要么
Shall I store them Hard-coded for security wise? 我应该存储Hard-coded以保证安全吗?
In other words is web.xml visible to end user? 换句话说,最终用户可以看到web.xml吗?
1 个解决方案
解决方案1
7 已采纳 2013-12-23 07:38:47
Is it good to store db user and pass in web.xml for the ease of configuration? 是否可以存储db用户并传入web.xml以便于配置?
- It is not a very good thing to store the username and password in web.xml rather you can put the username and password in a separate file in your environment. 在web.xml中存储用户名和密码并不是一件好事,而是可以将用户名和密码放在环境中的单独文件中。 then, provide the location of that file in your web.xml. 然后,在web.xml中提供该文件的位置。 You can also restrict the access to the file only to the root user who runs your application 您还可以将对文件的访问权限仅限于运行应用程序的root用户
shall I store them in code for security wise? 为了安全起见,我应该将它们存储在代码中?
- Storing the username and password in code is a good idea. 在代码中存储用户名和密码是个好主意。 but, it has disadvantages like you need to recompile,build and deploy if your credentials change. 但是,它有一些缺点,如果您的凭据发生更改,您需要重新编译,构建和部署。 The other thing is by making use of decompiler, there are chances your credentials can be identified 另一件事是通过使用反编译器,有可能识别您的凭据
In other words is web.xml visible to end user? 换句话说,最终用户可以看到web.xml吗?
- No, web.xml is not visible to end users. 不,最终用户看不到web.xml。 It is a configuration file for your web application know as deployment descriptor. 它是Web应用程序的配置文件,称为部署描述符。 This file is used by the web application server during deployment. 在部署期间,Web应用程序服务器将使用此文件。
Hope, you understand it now! 希望,你现在明白了!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.