堆栈内存溢出
  简体   繁体   English

Java Play加密数据库密码

[英]Java Play Encrypt Database Password

 原文  2015-08-19 10:17:31       java/ encryption/ playframework/ cryptography/ passwords

问题描述

I'm developing a Java Play application and I'm storing the Database password in plain text inside the application.conf file. 我正在开发Java Play应用程序,并将数据库密码以纯文本格式存储在application.conf文件中。 

db.default.url="jdbc:oracle:thin:@HOST:PORT/SID"
db.default.user=USER
db.default.pass=PW

Now i want to store it as an encrypted password. 现在我想将其存储为加密密码。

While searching for a solution I saw many articals about implementing a plugin. 在寻找解决方案时,我看到了许多有关实现插件的文章。 Following is an solution I came across. 以下是我遇到的解决方案。

Encrypting db password in application.conf 在application.conf中加密数据库密码

In that example, play.PlayPlugin is used but when I try it, I get an package not found error. 在该示例中,使用了play.PlayPlugin,但是当我尝试它时,出现未找到包的错误。 Do I need to insert an external jar file or is it because of a version problem. 我是否需要插入外部jar文件,还是因为版本问题。 I'm using Java play 1.2 我正在使用Java play 1.2

Is there any other way to store password in encrypted format other than a plugin. 除了插件外,还有其他任何方法可以以加密格式存储密码。

2 个解决方案

解决方案1
 3  2015-08-29 21:04:26

You shouldn't need to encrypt anything inside your own system. 您无需在自己的系统中加密任何内容。 Just make sure your server is secure. 只要确保您的服务器是安全的即可。

Since you will need to let your application access the password, an attacker who has access to your system would be able to get to your password anyway. 由于您需要让您的应用程序访问密码,因此有权访问您系统的攻击者无论如何都可以获取您的密码。

But never ever check your passwords into git (or subversion or whatever)! 但是永远不要将您的密码检入git(或subversion或其他版本)!

Instead what you should do is this: 相反,您应该这样做:

  1. Add this line to your application.conf : 将此行添加到您的application.conf 

     include "secure.conf"

  2. Create the secure.conf in your conf -folder.And save all your credentials in this file. conf文件secure.conf中创建secure.conf文件,并将所有凭据保存在此文件中。

  3. Add secure.conf to your .gitignore , so it doesn't go into your Git. secure.conf添加到您的.gitignore ,这样它就不会进入您的Git中。
  4. Manually add and update the secure.conf -file on your server. 在服务器上手动添加和更新secure.conf文件。

解决方案2
 -1  2015-08-19 10:25:51

Is there any other way to store password in encrypted format other than a plugin. 除了插件外,还有其他任何方法可以以加密格式存储密码。

Well you could create your own formula for encrypting and decrypting the password. 好吧,您可以创建自己的公式来对密码进行加密和解密。 For example you can store the password in character array, make characters into bytes, do something to those bytes and save it into a file. 例如,您可以将密码存储在字符数组中,将字符转换为字节,对这些字节进行处理,然后将其保存到文件中。 For decrypting you just do all that stuff backwards. 对于解密,您只需向后进行所有操作即可。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 在Java中加密数据库用户名和密码? - encrypt database username and password in java? 使用Java加密RDP密码 - Encrypt RDP password with Java 使用密码java加密消息 - encrypt a message with an password java Java用密码加密文件 - Java encrypt files with password 如何从JPasswordField Java加密/解密密码 - How to encrypt/decrypt a password from a JPasswordField Java 加密首选项/属性文件中的密码 - Java - Encrypt a password in a preferences/properties file - Java 如何使用Maven从Java加密密码? - How to use Maven to encrypt a password — from Java? 用于LDAP的ssha中用于密码加密的java方法 - java method for password encrypt in ssha for LDAP 如何在java中使用spring hibernate加密密码 - how to encrypt password using spring hibernate in java Java数据库用户名和密码 - Java database username and password
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM