
I have database configuration in application.properties, like the one below:

```properties
spring.datasource.driverClassName=org.postgresql.Driver
spring.datasource.url=jdbc:postgresql://localhost:5432/deebee
spring.datasource.username=postgres
spring.datasource.password=shivendra
```

Somehow, directly writing the username and password seems to be a security concern to me. Is it ok to have a database configuration like the one I have now?

Also, I haven't done anything for database security in my application. Does Spring Boot provide anything for securing the database?

tushar_lokare
AConsumer
  • Create environment variables or system properties or program arguments and refer to them in your properties like `spring.datasource.password=${DB_PASSWORD}` – Kartik Feb 11 '19 at 04:56
  • Possible duplicate of [Securing a password in a properties file](https://stackoverflow.com/questions/10306673/securing-a-password-in-a-properties-file) – Mustafa Feb 11 '19 at 05:06
  • This is exactly why Spring Boot has features for overriding properties at runtime. The most common approaches are to use a managed cloud environment where Spring can detect your settings (Cloud Foundry, Heroku, and plain AWS are supported; there may be others) or to set the `SPRING_DATASOURCE_USERNAME` and similar environment variables before launching. – chrylis -cautiouslyoptimistic- Feb 11 '19 at 05:11
  • If your application server is secure, you need not worry much about securing passwords in the config file, but it would be better if you use some encryption logic to keep your passwords from being visible to the open world – vels4j Feb 11 '19 at 05:12
  • Here is a useful answer: https://stackoverflow.com/questions/12834604/using-encoded-password-for-the-datasource-used-in-spring-applicationcontext-xml – vels4j Feb 11 '19 at 05:17

0 Answers
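
The comments above suggest `${DB_PASSWORD}` placeholders and environment variables such as `SPRING_DATASOURCE_USERNAME`. As an added example (not code from the question or its commenters), the check below could run in CI to flag credential keys in `application.properties` that still hold literal values and to name the environment variable Spring Boot would bind instead. The key-suffix list, the `DB_USERNAME` name and the sample files are assumptions constructed for illustration.

```python
import re

# Assumed list of key suffixes that hold credentials; extend for your project.
SENSITIVE_KEY = re.compile(r"(password|passwd|secret|token|username)$", re.I)
# ${NAME} only. ${NAME:fallback} is rejected: the fallback is still a literal.
PURE_PLACEHOLDER = re.compile(r"\$\{[^}:]+\}")
LINE = re.compile(r"([^=:\s]+)\s*[=:]\s*(.*)")


def parse_properties(text):
    """Parse simple key=value / key:value lines, skipping # and ! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = LINE.fullmatch(line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props


def env_name(key):
    """Spring Boot's mapping: dots to underscores, drop dashes, uppercase."""
    return key.replace(".", "_").replace("-", "").upper()


def hardcoded_credentials(text):
    """Return {key: env var to use} for credential keys with literal values."""
    return {
        key: env_name(key)
        for key, value in parse_properties(text).items()
        if SENSITIVE_KEY.search(key) and not PURE_PLACEHOLDER.fullmatch(value)
    }


# Constructed sample inputs (the password value is a stand-in, not a secret).
BEFORE = """\
spring.datasource.url=jdbc:postgresql://localhost:5432/deebee
spring.datasource.username=postgres
spring.datasource.password=example-only
"""
AFTER = """\
spring.datasource.url=jdbc:postgresql://localhost:5432/deebee
spring.datasource.username=${DB_USERNAME}
spring.datasource.password=${DB_PASSWORD:example-only}
"""

if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        print(name, hardcoded_credentials(text))
```

The `AFTER` sample is still flagged for the password because a `${NAME:default}` placeholder keeps a literal fallback in the file.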