How do I avoid having the database password stored in plaintext in sourcecode?

Question

In the web-application I\'m developing I currently use a naive solution when connecting to the database:

Connection c = DriverManager.getConnection(\"url\",          


        

Answer 1

I can recommend these techniques for .NET programmers:

• Encrypt password\connection string in config file
• Setup trusted connection between client and server (i.e. use windows auth, etc)

Here is useful articles from CodeProject:

• Encrypt and Decrypt of ConnectionString in app.config and/or web.config