Java Play 加密数据库密码 [英] Java Play Encrypt Database Password
问题描述
我正在开发一个 Java Play 应用程序,我将数据库密码以纯文本形式存储在 application.conf 文件中.
I'm developing a Java Play application and I'm storing the Database password in plain text inside the application.conf file.
db.default.url="jdbc:oracle:thin:@HOST:PORT/SID"
db.default.user=USER
db.default.pass=PW
现在我想将其存储为加密密码.
Now i want to store it as an encrypted password.
在寻找解决方案时,我看到了很多关于实现插件的文章.以下是我遇到的一个解决方案.
While searching for a solution I saw many articals about implementing a plugin. Following is an solution I came across.
在那个例子中,使用了 play.PlayPlugin 但是当我尝试它时,我得到一个包未找到错误.我需要插入外部jar文件还是因为版本问题.我使用的是 Java play 1.2
In that example, play.PlayPlugin is used but when I try it, I get an package not found error. Do I need to insert an external jar file or is it because of a version problem. I'm using Java play 1.2
除了插件之外,还有没有其他方法可以以加密格式存储密码.
Is there any other way to store password in encrypted format other than a plugin.
推荐答案
您不应该需要加密您自己系统中的任何内容.只需确保您的服务器安全即可.
You shouldn't need to encrypt anything inside your own system. Just make sure your server is secure.
由于您需要让您的应用程序访问密码,因此可以访问您系统的攻击者无论如何都可以获取您的密码.
Since you will need to let your application access the password, an attacker who has access to your system would be able to get to your password anyway.
但是永远不要将您的密码检查到 git(或 subversion 或其他)中!
But never ever check your passwords into git (or subversion or whatever)!
你应该做的是:
将此行添加到您的
application.conf:
include "secure.conf"
在您的 conf 文件夹中创建 secure.conf.并将您的所有凭据保存在此文件中.
Create the secure.conf in your conf-folder.And save all your credentials in this file.
这篇关于Java Play 加密数据库密码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
