FAQ
Hi folks

Here an snipped of the code

public class ScriptOutput {

private static String installPath = "//opt//jboss//tools//copy//";
private static String host = "mz007542.internal.hosts", port =
"1521", sid = "ISSPDB",
dbuser = "issdbuser", pw = "5s8yk5sbm3sj7";

private static Connection cn;

public static void main(String[] args) {

try {
Class.forName("oracle.jdbc.driver.OracleDriver").newInstance();
String url = "jdbc:oracle:thin:_at_" + host + ":" + port + ":" + sid;
cn = DriverManager.getConnection(url, dbuser, pw);
} catch (SQLException e) {
e.printStackTrace();
} catch (InstantiationException e) {
e.printStackTrace();
} catch (IllegalAccessException e) {
e.printStackTrace();
} catch (ClassNotFoundException e) {
e.printStackTrace();
}
createOutputOne();
createOutputTwo();
createOutputTree();
createOutputFour();
}

You see there is a clear text password for connecting to remote DB
instance. I have no access to remote DB instance, only unprivileged
user.
How to not write clear text password in the Java code (without
modifying remote Oracle server)?

Any good ideas for better security? Please give detailed instructions
because have almost no experience with Java.

cheers Sven

Search Discussions

  • Connor McDonald at Apr 13, 2011 at 8:21 am


    You see there is a clear text password for connecting to remote DB
    instance. I have no access to remote DB instance, only unprivileged
    user.
    How to not write clear text password in the Java code (without
    modifying remote Oracle server)?

    Any good ideas for better security? Please give detailed instructions
    because have almost no experience with Java.

    cheers Sven
    --
    http://www.freelists.org/webpage/oracle-l


    Check out using a wallet, then your connect string becomes:
    user=/

    --
    Connor McDonald
    ===========================
    email: connor_mcdonald_at_yahoo.com
    web: http://www.oracledba.co.uk

    "Semper in excremento, sole profundum qui variat"

    --
    http://www.freelists.org/webpage/oracle-l
  • Niall Litchfield at Apr 13, 2011 at 10:02 am
    Your installPath variable rather suggests that you are using the Jboss
    application server to deploy this application :). Jboss (and all J2EE
    application servers in fact) support a technology called JNDI (eg
    http://docs.jboss.org/jbossweb/3.0.x/jndi-resources-howto.html). That would
    in general be a better approach for your database connection management.
    Depending on the application server the database password may still be
    stored in plain text in a configuration file on the application server but
    it won't be stored in the code and is the responsibility of the various
    admins to maintain. It also of course means that you can develop against a
    db that you know the password to and deploy in production without ever being
    aware of the production password, it's change policy and so on. Your new
    code would end up looking like

    DataSource ds = (DataSource) envCtx.lookup("jdbc/myApp");

    Connection cn = ds.getConnection();

    createOutputOne();
    createOutputTwo();
    createOutputTree();
    createOutputFour();

    cn.close();
    On Wed, Apr 13, 2011 at 9:11 AM, Sven Aluoor wrote:

    Hi folks

    Here an snipped of the code

    public class ScriptOutput {

    private static String installPath = "//opt//jboss//tools//copy//";
    private static String host = "mz007542.internal.hosts", port =
    "1521", sid = "ISSPDB",
    dbuser = "issdbuser", pw = "5s8yk5sbm3sj7";

    private static Connection cn;

    public static void main(String[] args) {

    try {

    Class.forName("oracle.jdbc.driver.OracleDriver").newInstance();
    String url = "jdbc:oracle:thin:_at_" + host + ":" +
    port + ":" + sid;
    cn = DriverManager.getConnection(url, dbuser, pw);
    } catch (SQLException e) {
    e.printStackTrace();
    } catch (InstantiationException e) {
    e.printStackTrace();
    } catch (IllegalAccessException e) {
    e.printStackTrace();
    } catch (ClassNotFoundException e) {
    e.printStackTrace();
    }
    createOutputOne();
    createOutputTwo();
    createOutputTree();
    createOutputFour();
    }

    You see there is a clear text password for connecting to remote DB
    instance. I have no access to remote DB instance, only unprivileged
    user.
    How to not write clear text password in the Java code (without
    modifying remote Oracle server)?

    Any good ideas for better security? Please give detailed instructions
    because have almost no experience with Java.

    cheers Sven
    --
    http://www.freelists.org/webpage/oracle-l

    --
    Niall Litchfield
    Oracle DBA
    http://www.orawin.info

    --
    http://www.freelists.org/webpage/oracle-l

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
grouporacle-l @
categoriesoracle
postedApr 13, '11 at 8:11a
activeApr 13, '11 at 10:02a
posts3
users3
websiteoracle.com

People

Translate

site design / logo © 2022 Grokbase