1

I'm working on a simple java program that takes in user input, then parses the data and uploads it into a sql database to store online.

In my JDBC code I have the following: (Small example)

public class JDBCExample {
   // JDBC driver name and database URL
   static final String JDBC_DRIVER = "com.mysql.jdbc.Driver";  
   static final String DB_URL = "jdbc:mysql://localhost/";

   //  Database credentials
   static final String USER = "username";
   static final String PASS = "password";

I am wondering how safe it is to have my username and password just openly available in plain text in my programming code after I convert it to a jar file. Is it easy to reverse engineer an application like this and reveal the code?

user3424585
  • 23
  • 3

3 Answers3

4

Incredibly easy, yes. javap -c JDBCExample.class will do it in a heartbeat.

Generally the way this is done is by separating the client-side app, which you distribute publicly, from a server-side app that runs on a trusted server. The client app you distribute doesn't access the database directly; instead, it talks to the server program, which publishes an API (often a RESTful API over HTTP) through which the client can make requests. That trusted server-side program is what talks to the database directly.

And even then, it's best practice to not hard-code your credentials into the server-side code. Instead, have the service read those credentials from a file which you keep separate from the code base (for instance, don't check that file into your source control).

yshavit
  • 42,327
  • 7
  • 87
  • 124
1

You could save the username and password in a separate property file so that you could change it anytime without having to recompile the codes.

On your question, whatever your code can read in your codes/files, most likely, users can also. Please see this as reference.

Community
  • 1
  • 1
Rey Libutan
  • 5,226
  • 9
  • 42
  • 73
0

I use ciphering and deciphering in my code. use javax.crypto class to encrypt your password and inside your class use deciphering to decipher and send the password.

This works only if you place class file for deciphering rather than .java file.

example for ciphering link.

user1912075
  • 1