Best way to store MySQL login information in Java

Question

What is the best way to store MySQL login configuration settings in Java application.

I want to use MySQL connection in Java and become curious about

host/database/login/password

storage. My programm intend to be multithreading and write fixed login information to every class does not look nice. What is the best way to store auth data that can be used many times?

In PHP, for example, usually created mysqlinfo.php with global variables and included in every file. If some data change, all you need to do is modify mysqlinfo.php .

But what about Java? Should I user global variables or should I store login/password/etc. in private string of each class?

Answer 1

If it's a server application (runs in an Application or Web Server) you could use JNDI DataSource. Alternatively, you could store them in environment variables.

For a desktop application, you could use a property file and read the values from there. Again, reading them from environment variables is another option.

Answer 2

The Answer could be dependent on kind of application you are making. Since you mentioned php I guess you want a web based application. For Web Based application I would prefer it to be used as JNDI data source . With JNDI you will not be storing any of your User Id , Password etc in your Codes.

Answer 3

In Java, for global variables simply make a public class and define your global attributes there as static and call this class.

For example:

public class Globals{
public static String a;
public static int b;
}

It can be used like global variable by calling Globals.a & Globals.b but its not good way of code. For better security use JNDI as mentioned by Amir and Kumar.

Answer 4

It all depends on whether or not the login information should be confidential. For a desktop application JNDI seems a bit overkill, since you will need to manage that yourself.

Basically you have 2 options:

1. Keep the settings in a properties file. If the login information needs to be secret, you can encrypt this data to ensure people can't just read it and use that information.
2. Put the information fixed in your code. This isn't a very portable solution, since you have to recompile everything when you want to change any of this information.

Answer 5

Generally you want to manage connectivity information OUTSIDE of the application, such as in a configuration file. Then you have total control over which database the application can connect to in stead of being stuck with the one that is hard coded. I would be very unhappy if I cannot hook the application up to a test database or a failover database without having to build a new release of it!

Plus perhaps even more importantly: then someone could manage that without needing to know the internals of the application; you want yourself to be in the position where you can build the application and then let someone else worry about supporting it.