Ashwin Sridhar wrote:I am trying to figure out a better ways to have DB passwords secure. Currently I specify the password in cfg file during the first run of my application. The password is encryted and written back on the cfg file. On subsequent runs, the passwrod is de-cryted and connection is established.
Ashwin Sridhar wrote:My application is just a stand alone application which I build into a jar and execute. The application is started with various input parameters. I am looking for building password matrix from which password could be read back by specifying the username.
That reduces the security of your app by several orders of magnitude.
Ashwin Sridhar wrote: . . . I am okay to allow him to login by specifying username alone.