
Passwords

 
colin shuker
Ranch Hand
Posts: 750
Hi, quite a general question here...

Supposing I have a web project on a server (as a war file), for example,
and this code requires my googlemail password so that it can send emails via SMTP.

Currently I would just put my password in with the code (hard-coding it in).
But if the war file could be downloaded from the site, then possibly the password could be retrieved.

So I'm thinking possibly put the password in the SQL database on the same server, and then just retrieve it when needed.
Also I was looking at encryption and decryption, but I don't know how that would help. I think I need to store the password in the database, where it's safe.

Any thoughts?

Thanks
 
Paul Clapham
Sheriff
Posts: 21322
colin shuker wrote: But if the war file could be downloaded from site, then possibly the password could be retrieved.


True. But web sites typically don't allow that. Do you have one which does? Then you really ought to stop allowing it. If not, then what's the concern?
 
colin shuker
Ranch Hand
Posts: 750
Thanks, I am able to download my war files from my website.

I just put them in the root directory, and when I enter www.mysitename.com/warfilename.war I am able to download them.

I'm not sure how one would prevent this.

Any thoughts? Thanks
 
colin shuker
Ranch Hand
Posts: 750
OK, it seems I can turn off the 'read' option in the file permissions, and this works.
 
Wouter Oet
Saloon Keeper
Posts: 2700
Which server do you use?
 
David Newton
Author
Rancher
Posts: 12617
Well, if you just put a war file in your document root, sure, it's just a file. But why would you put your war file there?
 
Rob Spoor
Sheriff
Posts: 20611
I suggest you follow this thread as well. It handles roughly the same issue.

I'll repeat my suggestion from that thread: put your sensitive configuration files in the WEB-INF folder. According to the servlet container specification, none of the files and folders inside may be accessible directly through requests, only through JSP / servlet code.
 