Where to store database credentials in a web app?

Question

I\'m wondering what techniques you use to store the database credentials for your application. I\'m specifically concerned with java webapps, but I don\'t think there\'s any ne

Answer 1

Depends on the app server.

I usually use JNDI lookups for the data source, so credentials are stored on the app server that handles the connection pool. No need to put anything other than the JNDI name in configuration that way.

Yes, the password is encrypted on WebLogic.

On Tomcat things can be dicey. Connection info is in META-INF/context.xml, which means plain text for the password. I only do that for development, never in production.