Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 252
  • Last Modified:

Directories

Hi all,

I hope this is the right section where I'm asking this question, but :

We've got a lot of Java Web Applications. Now for security purposes, we've removed all the properties files from the Applications (Because there are passwords in the files that changes depending on where the applications get deployed to) and put then into a directory elsewhere on the Server. Now we have to protect the directory or do something so that no one can open the files and look for the passwords.
But how ? Or is there something else that I could rather do ?

Hope this makes sense.

Thank you

Pieter Jacobs
E-Mail : pietjac@iafrica.com
0
PieterJ
Asked:
PieterJ
2 Solutions
 
girish_nairCommented:
Hi,

If you are on a linux machine then you can use .htaccess files, so that no one can open it using a browser.

If you want that the files cannot  be opended by anyone except then give the directory appropriate perms.

The best idea is to keep the passwords encrypted. You can use  any utility like htpasswd or any builtin (JAVA) to encrypt it.

So Encryption+appropriate perms makes it more secure.

:)
0
 
CEHJCommented:
Passwords should never be stored in clear text. They should be encrypted using a one-way hash. *Nobody* should be able to read them - not even administrators.
0
 
CleanupPingCommented:
PieterJ:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
EXPERTS:
Post your closing recommendations!  No comment means you don't care.
0
 
jimmackCommented:
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:

Split between girish_nair and CEHJ.

Please leave any comments here within the next seven days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

jimmack
EE Cleanup Volunteer
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now