4

In our project we are hard coding all the database passwords in property file ,now we need to provide security to property file with out changing anything in the java code. I have used some AES encryption technique's to provide the security but for all these methods i need to change the java code for decryption of passwords..

Any one help me to hide the property file which is having passwords of database and again bring it back to same path at the time of java file execution?

Deepu
  • 41
  • 1
  • If you can't change the code, the only option is to encrypt/decrypt your file externally. Take a look here: http://stackoverflow.com/questions/16056135/how-to-use-openssl-to-encrypt-decrypt-files – mp911de Jun 30 '15 at 07:13
  • 2
    Never store clear text passwords in property files. If fixing this entails extra time and budget let your client know, and fix it. – ring bearer Jun 30 '15 at 07:14
  • 1
    Are you using any frameworks like `Spring` in your application? – Rohit Jun 30 '15 at 07:25
  • 1
    Easy. Just save it via a `CipherOutputStream` and load it via a `CipherInputStream`. Of course that means you need a utility to save it the first time, and whenever you change the passwords. This isn't a great idea. Normally the passwords would be in a Tomcat Context.xml file, Resource definition, or similar for your Servlet container, assuming you're using one, and security would be at the physical-access level, via smart card access and so forth. – user207421 Jun 30 '15 at 08:01
  • @maytham Your link is about password hashing. This question is about password encryption, in a circumstance where hashing would not meet the objective. Not relevant. – user207421 Jun 30 '15 at 10:21
  • @EJP true I agree I will remove the comment, i was fast here. – Maytham Fahmi Jun 30 '15 at 10:22
  • Without changing the code you can encrypt resources and implement own classloader overriding getResourceAsStream – Dominik G Apr 26 '18 at 19:07

0 Answers0