3

I am very new to all this. I have created a web application which consists of all jsp pages(Note : the html content is embedded in those jsp pages itself along with the main logic) some snippets of my code are as below : 

<%
final String host = "jdbc:mysql://mySQLPath/ShopSystem";
final String uName = "myUsername";
final String uPass = "myPassword";
Connection con = DriverManager.getConnection( host, uName, uPass );
%>

A lot of my files have the above lines of code. Now I wish to upload these files on a web host as an attempt to publish my website. But what I am worried is that in doing so I will be uploading my username and password as well on the third party site.

Is there any other better way to do this? I don't want any third person from being able to view my url, username and password.

Elliott Frisch
  • 198,278
  • 20
  • 158
  • 249
user3868051
  • 1,147
  • 2
  • 22
  • 43
  • 1
    Presumably this third party also controls and administers your database. And I recommend using an application server level connection pool. – Elliott Frisch Aug 11 '14 at 05:02
  • I am sorry I dnt get how to use an application server level connection pool. please help. Also my database is on AWS RDS, and the access key and secret key to it are stored in a .properties type of file which is my eclipse project's source folder. So it is not ust these jsp pages that I am using as my fornt end that I am worried of, it is also this AWS Credential file. – user3868051 Aug 11 '14 at 05:14
  • Sounds like you should be deploying to AWS then. What exactly are you asking? How to obfuscate your credentials? – Elliott Frisch Aug 11 '14 at 05:17
  • I want to know how I can prevent any one else from getting access to any of my jsp or credential file... – user3868051 Aug 11 '14 at 05:20
  • Also I have heard of some sites such as bluehost and freeservers.com which provide free web hosting services. nyone has any idea about security if I upload my files on any of them, or could you suggest me somthing yet better? – user3868051 Aug 11 '14 at 05:22

2 Answers2

1

Adding to the @Jigar Joshi answer , it is good practice to write the database details in separate config file .

It is also useful in the case when you consider to change. as you said you many files holding this values you change them in one common place and load them to apply in all files.

Create a config.properties file in your class path of your application.

In your jsp read from the property file , so your code wont show them 

        Properties props = new Properties();    
        FileInputStream fis = null;
        Connection con = null;  
        fis = new FileInputStream("File.properties");
        props.load(fis);

        // load the Driver Class
        Class.forName(props.getProperty("DB_DRIVER_CLASS"));

        // create the connection now
        con = DriverManager.getConnection(props.getProperty("DB_URL"),
                props.getProperty("DB_USERNAME"),
                props.getProperty("DB_PASSWORD"));

in your jsp will do the job for you . but you to learn about optimizing the database through Datasource and also learn about connection pooling to avoid leaked connections.

Hope this helps !!

Community
  • 1
  • 1
Santhosh
  • 8,181
  • 4
  • 29
  • 56
0

externalize secure information from source and put it in configuration and let your app read from pre-specified location for config

jmj
  • 237,923
  • 42
  • 401
  • 438
  • well as I said I am very new to this, could you xplain how to do so? just some broad and a little more detailed steps so that I can have a more precise direction to work on... – user3868051 Aug 11 '14 at 05:17