数据库密码存储问题,Java Web App
[英]Database password storing issue, Java Web App
问题描述
I'm part of a Java Spring Web app which should be very secure. 
我是应该非常安全的Java Spring Web应用程序的一部分。 So far, on test environment we're loading database username & password from a property file which lies on classpath. 到目前为止,在测试环境中,我们正在从位于类路径中的属性文件中加载数据库用户名和密码。 The password is encrypted with a key which we load from local file system. 使用从本地文件系统加载的密钥对密码进行加密。
My job is to find a better way(more secure one) using software tools only. 我的工作是仅使用软件工具找到一种更好的方法(更安全)。 I was thinking about supplying the db username and password on startup of webapp or smth like that(But still does not seem ok because the DB admin should be present on startup). 我正在考虑在启动webapp或诸如此类的东西时提供db用户名和密码(但似乎还不行,因为启动时应该有数据库管理员)。 Other than that I'm stuck. 除此之外,我被困住了。
What is the best way to deal with this issue? 解决此问题的最佳方法是什么?
1 个解决方案
解决方案1
0 2012-11-13 11:38:35
You need to lock down the database so that only the app can talk to it with minimal creds as possible. 您需要锁定数据库,以便只有应用程序才能以最小的信誉与之对话。
One way is restrict it so that only app servers private IP is only accepted. 一种方法是限制它,以便仅接受应用程序服务器专用IP。 Make it so the database only listens to private (internal) network connections. 做到这一点,以便数据库仅侦听专用(内部)网络连接。
The password is a red herring. 密码是红色鲱鱼。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.