how to store java application password safely in database
Question
I have java application that connects to other tools via API. currently all password are stored locally in the application.
I want to store them safely in database, hash password within database and decrypt when I retrieve passwords at run time. is this the best approach ?
thanks
4 answers
solution1
0 2019-07-02 12:45:11
您可以使用非对称密码术或其他任何方法安全地存储在数据库中
solution2
0 2019-07-02 12:49:14
I would create a Spring-Boot Application. Spring uses a BCryptEncoder /-decoder to store passwords in a database in a secure way.
If you don`t want to use Spring maybe the following link can help you.
https://www.stubbornjava.com/posts/hashing-passwords-in-java-with-bcrypt
solution3
0 2019-07-02 13:17:49
Another alternative if only administrators have access to the server the application is running on is to provide the secrets (passwords) as environment variables.
The most basic way of accessing these is System.getEnv(String envKey) . For example:
export SOME_ENV_VARIABLE="your secret"; java -jar yourapplication.jar export SOME_ENV_VARIABLE="your secret"; java -jar yourapplication.jar ;
If you're using AWS or something similar they often have tools for storing these secrets in a secure way.
solution4
0 ACCPTED 2019-07-05 16:22:52
You can use cryptographic hashing for storing password.
https://auth0.com/blog/hashing-passwords-one-way-road-to-security/
If you want additional security then you can add salt to hashing.
https://auth0.com/blog/adding-salt-to-hashing-a-better-way-to-store-passwords/
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.