发表新帖
发表新帖

Java Play Encrypt Database Password

后端 未结
关注
2 1164
一整个雨季
一整个雨季 2021-01-26 17:45

I\'m developing a Java Play application and I\'m storing the Database password in plain text inside the application.conf file.

db.default.url=\"jdbc:oracle:thin:
2条回答
  • 囚心锁ツ
    囚心锁ツ (楼主)
    2021-01-26 17:54

    You shouldn't need to encrypt anything inside your own system. Just make sure your server is secure.

    Since you will need to let your application access the password, an attacker who has access to your system would be able to get to your password anyway.

    But never ever check your passwords into git (or subversion or whatever)!

    Instead what you should do is this:

    1. Add this line to your application.conf:

      include "secure.conf"

    2. Create the secure.conf in your conf-folder.And save all your credentials in this file.

    3. Add secure.conf to your .gitignore, so it doesn't go into your Git.
    4. Manually add and update the secure.conf-file on your server.

    0 讨论(0)
 看不清?
提交回复
热议问题