如何连接到需要密码而不显示密码的数据库? [英] How to connect to a database that requires password without exposing the password?
问题描述
我正在创建一个应用程序,我需要连接到数据库。数据库需要登录/密码,以便应用程序可以执行select和insert等操作。
在应用程序中,我需要使用登录名和密码连接到数据库,可以在数据库上做一些任务。 我的问题是:如何存储和使用密码连接到数据库而不公开密码?
我不能简单地使用哈希或加密以存储密码,因为数据库必须识别密码(我认为大多数或所有数据库必须以纯文本格式接收密码)。
。
连接由应用程序进行。没有人工输入做连接。
(编辑)有关应用程序的更多信息:它是一个使用servlets / jsp的Web应用程序。数据库在应用程序的同一服务器上。应用程序的用户是没有完全管理权限的默认用户,但它可以插入/删除行,并执行涉及表中查询和数据修改的大多数操作。
这样做的通常方式是将用户名/密码外部化为属性/配置文件,在运行时读取(无论是否使用本机JDBC / JNDI / CDI / J2EE数据源/ etc)。
该文件由系统管理员通过O / S安全保护。
O / S具有比应用程序代码更好的保护工具。
I am creating an application and I need to connect to a database. The database requires login/password so the application can do operations like select and insert.
In the application I need to connect to the database using login and password, so the application is free to do some tasks on the database. My question is: how do I store and use a password to connect to the database without exposing the password?
I can't simply use a hash or encryption to store the password because the database must recognize the password (I think most or all databases must receive password as plain text).
.
.
Note: The connection is made by the application. No human input to do the connection.
(Edit)More info about the application: it is a web application using servlets/jsp. The database is on the same server of the application. The user for the application is a default user without complete admin powers, but it may insert/delete rows and do most things that involve queries and data modification in tables.
The usual way this is done is to externalize the username/password to a property/config file which is read at runtime (whether or not you use native JDBC/JNDI/CDI/J2EE datasource/etc).
The file is protected via the O/S security by the sysadmins.
The O/S has better tools for protection than app code.
这篇关于如何连接到需要密码而不显示密码的数据库?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!