I'm working on refactoring native Java code last touched in 1999. There are no design patterns, modern methodologies, or security standards applied, no toolsets like password vaulting systems; we don't even have an Ant / Maven / Jenkins server. It was expressed to me that they simply "export the EAR from RBD" (Rational Business Developer), so there's a basic understanding of the environment. I'm a little stuck at the moment. I've moved the properties for this app into a DB table except for two: the user and password. I'm looking for a way to secure the password in the properties file but am coming up short on ideas.

I'm thinking an acceptable solution would be to encode the password and set it as the DB user's password. The plain text password would then be stored in the properties file. The codebase would need to encode it before attempting to connect to the DB.

I think the only pitfall for this is that multiple apps use the DB account and we either create a new account for this and migrate apps to this as we go, or do it all in one fell swoop. Am I off here? Are there better solutions?

Edited for clarity and re-edited for EAR instead of WAR file. This is deployed to a WebSphere App server.

  • https://www.baeldung.com/jasypt – XtremeBaumer Jan 18 '23 at 13:50
  • @life888888 Oh man, I edited the OP. Not a WAR. It's an EAR being deployed to Websphere App Server. – ResourceReaper Jan 18 '23 at 15:18
  • I assume your code is at least in version control? If so, credentials still shouldn't be stored alongside the code – OneCricketeer Jan 18 '23 at 15:20
  • @life888888 Oh thanks for this, I really appreciate the insight. I'll dig into this more and see what the t-shirt size is for this. I think every single application that is running on the WebSphere app server has the credentials in their respective properties files. (facepalm) – ResourceReaper Jan 18 '23 at 17:05
  • @OneCricketeer - HAHAHA, you're funny. The code IS in a repo called Serena (PVCS) which makes implementing Jenkins and other build tools difficult. – ResourceReaper Jan 18 '23 at 17:19
  • If you are using WebSphere then the connection to the database should be defined in the App server via a Datasource, and then all DB props are defined there including user/password, and there is no need to have any of these in the application source code. – Gas Jan 19 '23 at 09:44
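The container-managed datasource that Gas's comment recommends, as an added example that is not code from the question or the comments: the properties-file connection beside its replacement, where the EAR only knows a JNDI name. The JNDI name `jdbc/LegacyDS`, the property keys and the class name are assumptions; the datasource itself is configured in the WebSphere console.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.util.Properties;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.sql.DataSource;

public class DbConnections {

    // BEFORE: credentials live in a properties file packaged inside the EAR,
    // so anyone holding the archive or the repository holds the DB password.
    static Connection openFromProperties(Properties props) throws SQLException {
        String url = props.getProperty("db.url");          // hypothetical keys
        String user = props.getProperty("db.user");
        String password = props.getProperty("db.password"); // plaintext in the file
        return DriverManager.getConnection(url, user, password);
    }

    // AFTER: the application only knows a JNDI name. URL, user and password are
    // held by the container's datasource definition (in WebSphere, the password
    // sits in a J2C authentication alias), so the EAR and the repository carry
    // no credentials and the password can be rotated without a rebuild.
    static Connection openFromDataSource(String jndiName)
            throws SQLException, NamingException {
        InitialContext ctx = new InitialContext();
        try {
            DataSource ds = (DataSource) ctx.lookup(jndiName);
            return ds.getConnection(); // the container supplies the credentials
        } finally {
            ctx.close();
        }
    }

    public static void main(String[] args) throws Exception {
        // Hypothetical resource reference; bind "jdbc/LegacyDS" to the real
        // datasource in the module's deployment descriptor / WebSphere bindings.
        try (Connection c = openFromDataSource("java:comp/env/jdbc/LegacyDS")) {
            System.out.println("connected: " + !c.isClosed());
        }
    }
}
```

Once every application on the server is moved to a datasource, the shared DB account's password is changed in one place (the authentication alias) rather than in each properties file.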

0 Answers