hiding password in jdbc thin client connections

 
Greenhorn
Posts: 4
How can I hide the plain-text passwords that we have to give in a JDBC connection?
We use JBoss as the application server.
 
Marshal
Posts: 15894
You don't. Plain text is never secure, so don't store passwords like that. Search for how to secure database passwords in Java apps.
 
Ranch Hand
Posts: 357

sami Aslan wrote:
How can I hide the plain-text passwords that we have to give in a JDBC connection?
We use JBoss as the application server.

JDBC connections must be fetched from a DataSource created in the application container (JBoss).
Therefore it would be transparent for your application.
 
Greenhorn
Posts: 9
Ain't there room to import JPasswordField and make use of the class in the program instead of a text field, just like in J2SE?
e.g.:

import javax.swing.JPasswordField;
..
public class Program {
    ...

    passwordField = new JPasswordField(10);
    passwordField.setActionCommand(OK);
    passwordField.addActionListener(this);

}
 
Junilu Lacar
Marshal
Posts: 15894
JPasswordField simply hides the input from prying eyes. The value will still be in plain text which, as I said before, is not secure. Also, since the OP mentioned using JBoss as the application server, I doubt user input is involved. Seems like it's more on the backend, where there is no interaction with the user.
 
Saloon Keeper
Posts: 22508

Charles Nduka wrote:
Ain't there room to import JPasswordField and make use of the class in the program instead of a text field, just like in J2SE?
e.g.:

import javax.swing.JPasswordField;
..
public class Program {
    ...

    passwordField = new JPasswordField(10);
    passwordField.setActionCommand(OK);
    passwordField.addActionListener(this);

}



No, because the password isn't some GUI thing, it's a text string. Incidentally, we have a "code" button on our message editor that will wrap special tags around sample code, XML and other formatted data and make it more readable.

The best protections for the password are

1. Use a different id/password for your webapp server than you would for regular database operations. One whose access rights are no more than the greatest-common-denominator of all the access rights of the application itself. You might even spin sensitive application administrative functions into a separate webapp with a more relaxed set of rights.

2. The password in JBoss/Wildfly is stored in an XML configuration file. The JBoss directories should not be readable except by JBoss itself and administrative personnel. That should greatly limit who can see the password to begin with, and if your administrators cannot be trusted, you have bigger problems than just password security.
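
The file-permission point in item 2 can be checked with a short shell audit; this is an added example, not part of the thread or of JBoss/WildFly. It assumes the datasource password sits in a `<password>` element of an XML file; the function names and the sample `standalone.xml` content are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumption: the datasource password is
# in a <password> element of an XML file below the directory being audited.

# List XML files that hold a <password> element and are readable by group or
# other. Output format: "<permissions> <path>", one finding per line.
audit_ds_passwords() {
    find "$1" -type f -name '*.xml' \( -perm -040 -o -perm -004 \) \
        -exec grep -lF '<password>' {} + 2>/dev/null |
    while IFS= read -r f; do
        printf '%s %s\n' "$(ls -ld "$f" | cut -c1-10)" "$f"
    done
}

# Number of findings, usable as a gate in a deployment or CI script.
count_findings() {
    audit_ds_passwords "$1" | wc -l | tr -d ' '
}

# Remove all group/other access. Assumption: the tree is owned by the account
# the server runs as, and administrators use privileged access, not a group.
harden_config_dir() {
    chmod -R go-rwx "$1"
}

# Constructed demo: a throwaway tree with a sample datasource definition.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/configuration"
    cat > "$tmp/configuration/standalone.xml" <<'EOF'
<datasource jndi-name="java:/jdbc/AppDS">
  <security>
    <user-name>app_limited</user-name>
    <password>constructed-sample-value</password>
  </security>
</datasource>
EOF
    chmod 755 "$tmp" "$tmp/configuration"
    chmod 644 "$tmp/configuration/standalone.xml"
    echo "before: $(count_findings "$tmp") finding(s)"
    audit_ds_passwords "$tmp"
    harden_config_dir "$tmp"
    echo "after:  $(count_findings "$tmp") finding(s)"
    rm -rf "$tmp"
}

demo
```

Files that contain no `<password>` element are ignored, so the findings list stays limited to the files that actually expose the credential.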
 