部署Java Hibernate Project的正确方法
[英]Proper way to deploy Java Hibernate Project
问题描述
When I try to export a JavaSE + Hibernate project, the end result is I get a xyz.jar file, which can be extracted. 
当我尝试导出JavaSE + Hibernate项目时,最终结果是我得到一个xyz.jar文件,可以将其提取。 In that extracted file, I get a bunch of .class files, which is okay but the problem is I or anyone can open up hibernate.config.xml and check the database connection settings, which might look something like this: 在那个解压缩的文件中,我得到了一堆.class文件,这没关系,但是问题是我或任何人都可以打开hibernate.config.xml并检查数据库连接设置,看起来可能像这样:
...
<property name="connection.driver_class">com.mysql.jdbc.Driver</property>
<property name="connection.url">jdbc:mysql://localhost:3306/mydb</property>
<property name="connection.username">username</property>
<property name="connection.password">password</property>
...
suppose if the db is hosted on some server instead of local host, then anyone can potentially access my data just by looking at hibernate config. 假设如果数据库托管在某个服务器上而不是本地主机上,那么任何人都可以潜在地通过查看hibernate config访问我的数据。 Is there anyway to prevent this? 反正有防止这种情况发生的方法吗? Or am i doing it wrong. 还是我做错了。 Is there anyway i can make deployment more secure? 无论如何,我可以使部署更安全吗? (I am not used to deployment part of software development lifecycle) (我不习惯于部署软件开发生命周期的一部分)
1 个解决方案
解决方案1
0 2017-11-24 13:26:22
Well my way around it was using Java code for Hibernate configuration instead of xml. 我的解决方法是使用Java代码进行Hibernate配置,而不是xml。 In this way, when someone extracts the .jar file of your project, they will see bytecodes of configuration, instead of readable codes of xml. 这样,当有人提取项目的.jar文件时,他们将看到配置的字节码,而不是xml的可读代码。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.