[英]What is the securest way of accessing a JavaDB/Derby database from a java app?
I'm recently trying to make a secure way of accessing a embbeded database without revealing the user and password to someone that knows how to read the .class files. 我最近正在尝试提供一种安全的方法来访问嵌入式数据库,而又不向知道如何读取.class文件的人透露用户和密码。 I know almost nothing about security, so any help, tip, recommendation would be useful. 我对安全性几乎一无所知,因此任何帮助,提示和建议都是有用的。
PD: I don't have any other security configuration, so if you have more tips about security I would also be thankful. PD:我没有其他安全配置,因此,如果您有更多有关安全的提示,我也将非常感激。
public void initializeDatabase() {
System.setProperty("derby.system.home", ".\\Data");
final String userAndPassword = "user=userName;password=strongPassword";
final String databaseURL = "jdbc:derby:directory:MyDerbyDB;" + userAndPassword;
// Opens the database connection.
try (Connection connection1 = DriverManager.getConnection(databaseURL)) {
} catch (SQLException exception1) {
if (exception1.getSQLState().equals("XJ004")) { // Database not found.
// Creates the database if it doesn't exist.
try (Connection connection2 = DriverManager.getConnection(databaseURL + ";create=true")) {
} catch (SQLException exception2) {
Logger.getLogger(ElVecino.class.getName()).log(Level.SEVERE, null, exception2);
System.exit(1);
}
// Create and initialize the database's tables.
EntityManagerFactory emf = Persistence.createEntityManagerFactory("ElVecinoPU");
EntityManager em = emf.createEntityManager();
EntityTransaction et = em.getTransaction();
try {
et.begin();
em.persist(new Category("A random category 1"));
em.persist(new Category("A random category 2"));
et.commit();
} catch (IllegalStateException e) {
} catch (EntityExistsException e) {
} catch (TransactionRequiredException e) {
} catch (RollbackException e) {
et.rollback();
}
em.close();
emf.close();
} else {
Logger.getLogger(ElVecino.class.getName()).log(Level.SEVERE, null, exception1);
System.exit(1);
}
}
// Closes the database connection.
try {
DriverManager.getConnection(databaseURL + ";shutdown=true");
//DriverManager.getConnection("jdbc:derby:;" + userAndPassword + ";shutdown=true");
} catch (SQLException exception) {
switch (exception.getSQLState()) {
case "08006": // Database shutdown.
case "XJ015": // Derby system shutdown.
break;
default:
Logger.getLogger(ElVecino.class.getName()).log(Level.SEVERE, null, exception);
System.exit(1);
}
}
}
I wouldn't store credentials in source code at all. 我根本不会在源代码中存储凭据。 Rather, retrieve them from external directory via JNDI 而是通过JNDI从外部目录检索它们
https://db.apache.org/derby/docs/10.3/devguide/cdevcsecure38522.html https://db.apache.org/derby/docs/10.3/devguide/cdevcsecure38522.html
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.