Solved

Java Swing Application with password hardcoded in it

Posted on 2010-11-10
Last Modified: 2013-11-23
I have developed a Java Swing Application that has a database connection credential hard coded in it. I will be using Web Start to deploy the application.

What is the best practice to handle passwords in a Swing application?

One of the ideas is to create a file that will hold the encrypted login and password information and place this file in a folder on the web server and have an authentication setup for that folder.

I am not sure if that is the best option or what are all the options available for this situation.

Thanks
Question by:happylife1234
Expert Comment

by:CEHJ
ID: 34106995
The best practice is to store nothing in the app. Make the user log in with the GUI over HTTPS.
Accepted Solution

by:objects
objects earned 250 total points
ID: 34107343
> One of the ideas is to create a file that will hold the encrypted login and password
> information and place this file in a folder in the webserver and have an authentication
> setup for that folder.

That's about the best you can do, but it is still easily crackable if someone knows what they are doing.

A more secure option would be to handle database access on the server and have the GUI talk to a servlet (or similar) which talks to the database.

Expert Comment

by:objects
ID: 34107357
And limit access to the database to only what is needed for the app, e.g. it probably doesn't need create or grant access.
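
The server-side approach from the accepted solution, as an added example that is not part of the original thread: a small HTTP gateway built on the JDK's `com.sun.net.httpserver`, so the Swing client sends only the user's own login and the database credential never leaves the server. The environment variable names, the `orders` table, the single-account PBKDF2 check and the TLS-terminating proxy in front of the loopback listener are assumptions, and a JDBC driver must be on the classpath.

```java
import com.sun.net.httpserver.*;
import java.net.InetSocketAddress;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.sql.*;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class OrderGateway {
    static String env(String k) { return System.getenv(k); } // secrets stay on the server; names assumed
    // Per-user login: PBKDF2 hash compared in constant time (one account, for brevity).
    static boolean verifyUser(String user, String pass) {
        try {
            byte[] salt = Base64.getDecoder().decode(env("APP_USER_SALT_B64"));
            byte[] want = Base64.getDecoder().decode(env("APP_USER_HASH_B64"));
            byte[] got = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(new PBEKeySpec(pass.toCharArray(), salt, 210_000, 256)).getEncoded();
            return user.equals(env("APP_USER")) & MessageDigest.isEqual(got, want);
        } catch (Exception e) { return false; } // missing config or malformed input: deny
    }

    public static void main(String[] args) throws Exception {
        // Loopback only: assumes a TLS-terminating proxy in front, so clients use HTTPS.
        HttpServer server = HttpServer.create(new InetSocketAddress("127.0.0.1", 8080), 0);
        server.createContext("/orders", ex -> {
            int status = 200;
            byte[] body;
            // Fixed, parameterised query on a hypothetical table; APP_DB_USER needs SELECT only.
            try (Connection c = DriverManager.getConnection(
                     env("APP_DB_URL"), env("APP_DB_USER"), env("APP_DB_PASSWORD"));
                 PreparedStatement ps = c.prepareStatement("SELECT id, total FROM orders WHERE owner = ?")) {
                ps.setString(1, ex.getPrincipal().getUsername()); // identity set by the authenticator
                StringBuilder out = new StringBuilder();
                ResultSet rs = ps.executeQuery(); // closed together with its statement
                while (rs.next()) out.append(rs.getLong(1)).append(',').append(rs.getString(2)).append('\n');
                body = out.toString().getBytes(StandardCharsets.UTF_8);
            } catch (SQLException e) {
                status = 500; // never echo driver messages or connection details to the client
                body = "database error\n".getBytes(StandardCharsets.UTF_8);
            }
            ex.sendResponseHeaders(status, body.length);
            ex.getResponseBody().write(body);
            ex.close();
        }).setAuthenticator(new BasicAuthenticator("orders") {
            @Override public boolean checkCredentials(String u, String p) { return verifyUser(u, p); }
        });
        server.start();
    }
}
```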
Assisted Solution

by:Valeri
Valeri earned 250 total points
ID: 34113679
Another solution is to keep your DB credentials decrypted somehow in your Swing client, and if you have authentication in your Swing client, after a successful login from the user you can read from the server a string or hash function that will encrypt the credentials to the real one, and then you can use them to connect to the DB.
Or you can use this hash string as the password that the user must enter in order to reach the DB.