Solved

Java Swing Application with password hardcoded in it

Posted on 2010-11-10
4
731 Views
Last Modified: 2013-11-23
I have developed a Java Swing Application that has a database connection credential hard coded in it. I will be using Web Start to deploy the application.

What is the best practice to handle passwords in a swing application.

One of the ideas is to create a file that will hold the encrypted login and password information and place this file in a folder in the webserver and have a authentication setup for that folder.

I am not sure if that is the best option or what are all the options available for this situation.

Thanks
0
Comment
Question by:happylife1234
  • 2
4 Comments
 
LVL 86

Expert Comment

by:CEHJ
ID: 34106995
The best practice is to store nothing in the app. Make the user login with the gui over https
0
 
LVL 92

Accepted Solution

by:
objects earned 250 total points
ID: 34107343
> One of the ideas is to create a file that will hold the encrypted login and password
> information and place this file in a folder in the webserver and have a authentication
> setup for that folder.

thats about the best you can do, but it is still easily crackable if someone knows what they are doing.

More secure option would be to handle database access on the server and have gui talk to a servlet (or similiar) which talks to the database.

0
 
LVL 92

Expert Comment

by:objects
ID: 34107357
And limit access to the database to only what is needed for the app eg. it probably doesn't need create or grant access
0
 
LVL 16

Assisted Solution

by:Valeri
Valeri earned 250 total points
ID: 34113679
other solution is to keep your DB credentials decrypted somehow in your swing client and if you have authentication in your swing client, after successfull loging from the user you can read from the server a string or hash function that will encrypt the credentials to the real one and the you can use them to connect to the DB.
or you can use this hash string as password that user must enter in order to reach the DB.
0

Featured Post

PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This was posted to the Netbeans forum a Feb, 2010 and I also sent it to Verisign. Who didn't help much in my struggles to get my application signed. ------------------------- Start The idea here is to target your cell phones with the correct…
Basic understanding on "OO- Object Orientation" is needed for designing a logical solution to solve a problem. Basic OOAD is a prerequisite for a coder to ensure that they follow the basic design of OO. This would help developers to understand the b…
Viewers will learn about the different types of variables in Java and how to declare them. Decide the type of variable desired: Put the keyword corresponding to the type of variable in front of the variable name: Use the equal sign to assign a v…
This theoretical tutorial explains exceptions, reasons for exceptions, different categories of exception and exception hierarchy.

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question