How do I avoid having the database password stored in plaintext in sourcecode?

Question

In the web-application I\'m developing I currently use a naive solution when connecting to the database:

Connection c = DriverManager.getConnection(\"url\",          


        

Answer 1

You can store the connection string in Web.config or App.config file and encrypt the section that holds it. Here's a very good article I used in a previous project to encrypt the connection string:

http://www.ondotnet.com/pub/a/dotnet/2005/02/15/encryptingconnstring.html