Solved

Java Swing Application with password hardcoded in it

Posted on 2010-11-10
4
724 Views
Last Modified: 2013-11-23
I have developed a Java Swing Application that has a database connection credential hard coded in it. I will be using Web Start to deploy the application.

What is the best practice to handle passwords in a swing application.

One of the ideas is to create a file that will hold the encrypted login and password information and place this file in a folder in the webserver and have a authentication setup for that folder.

I am not sure if that is the best option or what are all the options available for this situation.

Thanks
0
Comment
Question by:happylife1234
  • 2
4 Comments
 
LVL 86

Expert Comment

by:CEHJ
ID: 34106995
The best practice is to store nothing in the app. Make the user login with the gui over https
0
 
LVL 92

Accepted Solution

by:
objects earned 250 total points
ID: 34107343
> One of the ideas is to create a file that will hold the encrypted login and password
> information and place this file in a folder in the webserver and have a authentication
> setup for that folder.

thats about the best you can do, but it is still easily crackable if someone knows what they are doing.

More secure option would be to handle database access on the server and have gui talk to a servlet (or similiar) which talks to the database.

0
 
LVL 92

Expert Comment

by:objects
ID: 34107357
And limit access to the database to only what is needed for the app eg. it probably doesn't need create or grant access
0
 
LVL 16

Assisted Solution

by:Valeri
Valeri earned 250 total points
ID: 34113679
other solution is to keep your DB credentials decrypted somehow in your swing client and if you have authentication in your swing client, after successfull loging from the user you can read from the server a string or hash function that will encrypt the credentials to the real one and the you can use them to connect to the DB.
or you can use this hash string as password that user must enter in order to reach the DB.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Java had always been an easily readable and understandable language.  Some relatively recent changes in the language seem to be changing this pretty fast, and anyone that had not seen any Java code for the last 5 years will possibly have issues unde…
Introduction This article is the second of three articles that explain why and how the Experts Exchange QA Team does test automation for our web site. This article covers the basic installation and configuration of the test automation tools used by…
This tutorial covers a step-by-step guide to install VisualVM launcher in eclipse.
This tutorial will introduce the viewer to VisualVM for the Java platform application. This video explains an example program and covers the Overview, Monitor, and Heap Dump tabs.

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now