简体繁体 English

我将如何通过Java安全地连接到数据库？

[英]How would I go about connecting to a database securely via Java?

原文 2012-09-17 05:34:45 0 2 java/ database/ security/ encryption

I wish to connect to a Mysql Database with Java without revealing the password to anyone that may decompile my code? 我希望使用Java连接到Mysql数据库，而不向任何可能反编译我的代码的人透露密码？ I can efficiently connect to a database, but my ways will openly show my password in the code :( and wish only a response on how to hide the password. Thanks is advance, Josh Aurora 我可以有效地连接到数据库，但是我的方式将在代码中公开显示我的密码：（（并只希望提供有关如何隐藏密码的响应。谢谢您，Josh Aurora

2 个解决方案

OAuth allows client connection without storing credentials on client ( used widely on mobile devices or to identify tweitte applications ). OAuth允许客户端连接，而无需在客户端上存储凭据（在移动设备上广泛使用或用于标识tweitte应用程序）。 It also allows to remove access permissions from rogue clients. 它还允许从恶意客户端中删除访问权限。 But I doubt that mysql suzpports this directly,. 但是我怀疑mysql直接将suzpports打包。 so you will have to wrap your database with some kind of service layer. 因此，您将不得不使用某种服务层包装数据库。 One of usable imaplementations of OAuth: OAuth的可用实现之一：

http://code.google.com/p/oauth-signpost/ http://code.google.com/p/oauth-signpost/

(IIRC, used by Qipe ) （IIRC，由Qipe使用）

Assuming that the database which will be accessed will be on your machines, two things that come to mind: 假设将要访问的数据库在您的计算机上，请注意两点：

Set up a small secure REST service (as shown here ) which will, upon a certain request with certain credentials, pass the password to your database. 建立一个小型的安全REST服务（如图所示这里），将在与某些凭据一定的要求，通过密码到您的数据库。 This however might be an issue if your application is sitting behind some corporate firewall since you might need to add firewall exceptions, which is something that not all administrators are enthusiastic about. 但是，如果您的应用程序位于某些公司防火墙后面，则可能会出现问题，因为您可能需要添加防火墙例外，而并非所有管理员都热衷于此。
You could use a mix of Cryptography and Obfuscation to encrypt the password to the database and then obfuscate all your code. 您可以混合使用加密和混淆，以加密数据库密码，然后混淆所有代码。

As a note though, either of these methods can, in time be broken. 需要注意的是，这些方法中的任何一种都可以及时打破。 This is basically the rule about all security related software. 这基本上是所有与安全相关的软件的规则。

If it where up to me, I would go about this problem using the first approach and make sure that the credentials through which the service is accessed are changed often. 如果由我决定，我将使用第一种方法解决此问题，并确保经常更改用于访问服务的凭据。

However, databases which are used as part of a client solution contain pretty sensitive data which is in the client's interest not to tamper with, so the client will most likely not mess around with it, he/she will be happy as long as the system works. 但是，用作客户端解决方案一部分的数据库包含相当敏感的数据，这些数据对于客户端来说是不被篡改的，因此客户端很可能不会弄乱它，只要系统满意，他/她就会很高兴作品。

If on the other hand, the database is not deployed onto one of your machines then you can't really do much about it. 另一方面，如果数据库未部署到您的一台计算机上，那么您就不能做太多事情。 You could recommend that the server will be stored on a remote machine with access only over the intranet, but other than that, I do not think you can do much about it. 您可能建议将服务器存储在只能通过Intranet进行访问的远程计算机上，但是除此之外，我认为您不能做很多事情。