Where to store database credentials in a web app?

后端 未结 8 1427
离开以前
离开以前 2021-02-07 08:28

I\'m wondering what techniques you use to store the database credentials for your application. I\'m specifically concerned with java webapps, but I don\'t think there\'s any ne

8条回答
  •  夕颜
    夕颜 (楼主)
    2021-02-07 08:47

    With Java, database connection pools should be passed into webapps by the container. This is in the standard declarable in WEB-INF/web.xml as resources. The same applies to mail sessions and other external resources that may vary from installation to installation. Look up JNDI for more information on this)

    The nice part with this is that the application doesn't care about how to actually connect to anything outside. It will not see any passwords, because the container itself will use them.

    In tomcat this is configured either from context files (e.g.) in conf/Catalina/localhost/ , conf/server.xml or - preferably only for dev environments, from the webapps META-INF/context.xml. Other environments have their own configuration location or application.

    The encryption of passwords actually depends on the container. Tomcat stores them in plaintext, but the application itself won't see it. I don't know about the mechanics in other environments.

提交回复
热议问题