?
Solved

Java Swing Application with password hardcoded in it

Posted on 2010-11-10
4
Medium Priority
?
735 Views
Last Modified: 2013-11-23
I have developed a Java Swing Application that has a database connection credential hard coded in it. I will be using Web Start to deploy the application.

What is the best practice to handle passwords in a swing application.

One of the ideas is to create a file that will hold the encrypted login and password information and place this file in a folder in the webserver and have a authentication setup for that folder.

I am not sure if that is the best option or what are all the options available for this situation.

Thanks
0
Comment
Question by:happylife1234
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 86

Expert Comment

by:CEHJ
ID: 34106995
The best practice is to store nothing in the app. Make the user login with the gui over https
0
 
LVL 92

Accepted Solution

by:
objects earned 1000 total points
ID: 34107343
> One of the ideas is to create a file that will hold the encrypted login and password
> information and place this file in a folder in the webserver and have a authentication
> setup for that folder.

thats about the best you can do, but it is still easily crackable if someone knows what they are doing.

More secure option would be to handle database access on the server and have gui talk to a servlet (or similiar) which talks to the database.

0
 
LVL 92

Expert Comment

by:objects
ID: 34107357
And limit access to the database to only what is needed for the app eg. it probably doesn't need create or grant access
0
 
LVL 16

Assisted Solution

by:Valeri
Valeri earned 1000 total points
ID: 34113679
other solution is to keep your DB credentials decrypted somehow in your swing client and if you have authentication in your swing client, after successfull loging from the user you can read from the server a string or hash function that will encrypt the credentials to the real one and the you can use them to connect to the DB.
or you can use this hash string as password that user must enter in order to reach the DB.
0

Featured Post

Enroll in August's Course of the Month

August's CompTIA IT Fundamentals course includes 19 hours of basic computer principle modules and prepares you for the certification exam. It's free for Premium Members, Team Accounts, and Qualified Experts!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After being asked a question last year, I went into one of my moods where I did some research and code just for the fun and learning of it all.  Subsequently, from this journey, I put together this article on "Range Searching Using Visual Basic.NET …
In this post we will learn how to make Android Gesture Tutorial and give different functionality whenever a user Touch or Scroll android screen.
This theoretical tutorial explains exceptions, reasons for exceptions, different categories of exception and exception hierarchy.
Viewers will learn how to properly install Eclipse with the necessary JDK, and will take a look at an introductory Java program. Download Eclipse installation zip file: Extract files from zip file: Download and install JDK 8: Open Eclipse and …
Suggested Courses
Course of the Month8 days, 12 hours left to enroll

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question