Java Play加密数据库密码 [英] Java Play Encrypt Database Password

问题描述

我正在开发一个Java Play应用程序，并将数据库密码以纯文本形式存储在application.conf文件中。

I'm developing a Java Play application and I'm storing the Database password in plain text inside the application.conf file.

db.default.url="jdbc:oracle:thin:@HOST:PORT/SID"
db.default.user=USER
db.default.pass=PW

现在我想将其存储为加密密码。

Now i want to store it as an encrypted password.

在寻找解决方案的同时，我看到许多关于实现插件的艺术。以下是我遇到的解决方案。

While searching for a solution I saw many articals about implementing a plugin. Following is an solution I came across.

在application.conf中加密db密码

在该示例中，使用play.PlayPlugin，但是当我尝试它时，我收到一个未找到的包错误。我需要插入一个外部jar文件，还是因为版本问题。我正在使用Java play 1.2

In that example, play.PlayPlugin is used but when I try it, I get an package not found error. Do I need to insert an external jar file or is it because of a version problem. I'm using Java play 1.2

有没有其他方法可以以插件的加密格式存储密码。

Is there any other way to store password in encrypted format other than a plugin.

推荐答案

你不需要加密你自己的系统内的任何东西。只需确保您的服务器是安全的。

You shouldn't need to encrypt anything inside your own system. Just make sure your server is secure.

由于您需要让应用程序访问密码，所以访问系统的攻击者将能够访问您的

Since you will need to let your application access the password, an attacker who has access to your system would be able to get to your password anyway.

但是，从来没有检查您的密码为git（或颠覆或其他）！

But never ever check your passwords into git (or subversion or whatever)!

相反，您应该做的是这样的：

1. 将此行添加到您的 application.conf ：

include "secure.conf"

在您的 conf -folder.And将所有凭证保存在此文件中。

Create the secure.conf in your conf-folder.And save all your credentials in this file.

这篇关于Java Play加密数据库密码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！