可执行的jar文件 - hibernate.cfg文件 [英] Executable jar file - hibernate.cfg file
问题描述
我创建了使用数据库连接的可执行jar应用程序。问题是我的hibernate.cfg文件包含在源代码中,任何人都可以很容易地获得DB的用户名和密码。
我该如何避免这种情况?使它不可读或以某种方式将它放在别的地方,没有人可以阅读它。 可以使用Jasypt:Java简化加密API用于加密您的用户名和密码,它是一个简单的API。
Hibernate.cfg。配置
< property name =hibernate.connection.provider_class> org.jasypt.hibernate3.connectionprovider.EncryptedPasswordC3P0ConnectionProvider< / property>
< property name =connection.encryptor_registered_name> standardPBEStringEncryptor< / property>
< property name =connection.password> ENC(QVvFsdfefwewEz3i + 0EwsxWenjtrjtrjweftUYpMs)< / property>
您需要使用此API来加密您的密码并在hibernate配置中提供该密码。
I created executable jar application that uses database connection. The problem is that my hibernate.cfg file is included in source any everyone can easily gain username and passowrd for DB.
How can I avoid this situation? Make it unreadable or somehow put it somewhere else that no-one can read it.
You can use Jasypt: Java simplified encryption API for encrypting your username and password, its a simple API.
Hibernate.cfg. configuration
<property name="hibernate.connection.provider_class">org.jasypt.hibernate3.connectionprovider.EncryptedPasswordC3P0ConnectionProvider</property>
You need to use this API to encrypt your password and provide that password in the hibernate configuration.
<property name="connection.encryptor_registered_name">standardPBEStringEncryptor</property>
<property name="connection.password">ENC(QVvFsdfefwewEz3i+0EwsxWenjtrjtrjweftUYpMs)</property>
这篇关于可执行的jar文件 - hibernate.cfg文件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!