独立Java应用程序中的PostgreSQL安全连接
[英]PostgreSQL secure connection in standalone java application
问题描述
I'm creating standalone application (GUI-based on Swing). 
我正在创建独立的应用程序(基于Swing的GUI)。 It will be like password holder (eg login / passwords for user specified sites) 就像密码持有人一样(例如,用户指定站点的登录名/密码)
It connects to remote psql database. 它连接到远程psql数据库。 And connection to the database stores in db.properties files. 与数据库的连接存储在db.properties文件中。
What I would like: 我想要的是:
- How could I 'hide' database connection from user who will unarchive my .jar package? 我该如何“隐藏”将取消归档.jar软件包的用户的数据库连接? (in worst case at least the password of the connecting user) (在最坏的情况下,至少是连接用户的密码)
- Is there any way to prevent decompiling / debugging the file? 有什么方法可以防止反编译/调试文件?
1 个解决方案
解决方案1
1 已采纳 2013-02-04 18:54:38
I recommend storing the DB credentials in an environment variable and having the source code read in the value. 我建议将数据库凭证存储在环境变量中,并在值中读取源代码。
This prevents having to store the credentials in source control or binaries but allows you to easily provision/change your secrets. 这样可以避免将凭据存储在源代码管理或二进制文件中,但可以轻松配置/更改机密。
This has become a best practice included in "12 factor apps" and models the way Heroku and other hosting services manage application level config. 这已成为“ 12要素应用程序”中包括的最佳实践,并模拟了Heroku和其他托管服务管理应用程序级别配置的方式。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.