How can I prevent the person that downloaded my java.jar which has my website mysql password and username on the connect class form being decompiled by a certain program. Is there a certain special class in java that let me do to secure my connect class?
Asked
Active
Viewed 2,172 times
-1
-
The solution is to never put your password in such a position where this could be possible. In the medical field, this is what we call a "never event", similar to leaving surgical instruments in a patient. It shouldn't even be considered, and safeguards should be in prevent it from ever occurring. – Hovercraft Full Of Eels Apr 28 '13 at 04:46
2 Answers
5
You cannot effectively prevent a MySQL password from being read out of your application — even if you take steps to encrypt the text of the password (which most obfuscation tools will not do), it will still be possible for a user to intercept the password as it is passed to the MySQL library.
Do not connect directly to MySQL from your client software. Build a web-accessible API to your database which only exposes the data it needs to and interact with that.
0
You are looking for obfuscation.
wangyif2
- 2,843
- 2
- 24
- 29
-
-
5
-
When people decompile your class, lets say `com.example.class`, they will see `a.b.c`, which in a large scale project is essentially impossible to figure out. But all your value such as `String` will still be in plaintext. You should NEVER hard code your password, see this post for detail on dealing with this type of situation:http://stackoverflow.com/questions/442862/how-can-i-protect-mysql-username-and-password-from-decompiling – wangyif2 Apr 28 '13 at 04:44