应用程序属性中的 Spring Boot 密码加密,这是可供选择的选项
[英]Spring Boot password encryption in application properties which is option to choose
问题描述
I followed the below links for encrypting the password in my application properties file.
我按照以下链接加密我的应用程序属性文件中的密码。
http://www.technovillage.org/?p=187 http://www.technovillage.org/?p=187
https://www.ricston.com/blog/encrypting-properties-in-spring-boot-with-jasypt-spring-boot/ https://www.ricston.com/blog/encrypting-properties-in-spring-boot-with-jasypt-spring-boot/
I am just wondering which option here is more safer keeping the jasypt.encryptor.password in the application properties(then someone will decrypt my encrypted password using encryptor password.)我只是想知道这里哪个选项更安全,将 jasypt.encryptor.password 保留在应用程序属性中(然后有人将使用加密器密码解密我的加密密码。)
Or I shall pass it as a jvm parameter while starting the application.或者我将在启动应用程序时将其作为 jvm 参数传递。
Just wanted thoughts.只是想念。 Thanks in advance提前致谢
1 个解决方案
解决方案1
1 已采纳 2018-02-14 20:41:35
If you don't want to keep the real password in application.properties file to keep it as a secret, it wouldn't make any sense to keep the necessary information to decode it in there - you might just as well keep the decoded password there in that case.如果您不想在 application.properties 文件中保留真实密码以将其保密,那么将必要的信息保留在其中以对其进行解码是没有任何意义的 - 您最好保留解码后的密码在那种情况下。 Thus passing it as a jvm parameter would be more safer - that way people who have access to the repository wouldn't have access to the password.因此,将它作为 jvm 参数传递会更安全 - 这样可以访问存储库的人将无法访问密码。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.