Solved

Java Swing Application with password hardcoded in it

Posted on 2010-11-10
4
728 Views
Last Modified: 2013-11-23
I have developed a Java Swing Application that has a database connection credential hard coded in it. I will be using Web Start to deploy the application.

What is the best practice to handle passwords in a swing application.

One of the ideas is to create a file that will hold the encrypted login and password information and place this file in a folder in the webserver and have a authentication setup for that folder.

I am not sure if that is the best option or what are all the options available for this situation.

Thanks
0
Comment
Question by:happylife1234
  • 2
4 Comments
 
LVL 86

Expert Comment

by:CEHJ
ID: 34106995
The best practice is to store nothing in the app. Make the user login with the gui over https
0
 
LVL 92

Accepted Solution

by:
objects earned 250 total points
ID: 34107343
> One of the ideas is to create a file that will hold the encrypted login and password
> information and place this file in a folder in the webserver and have a authentication
> setup for that folder.

thats about the best you can do, but it is still easily crackable if someone knows what they are doing.

More secure option would be to handle database access on the server and have gui talk to a servlet (or similiar) which talks to the database.

0
 
LVL 92

Expert Comment

by:objects
ID: 34107357
And limit access to the database to only what is needed for the app eg. it probably doesn't need create or grant access
0
 
LVL 16

Assisted Solution

by:Valeri
Valeri earned 250 total points
ID: 34113679
other solution is to keep your DB credentials decrypted somehow in your swing client and if you have authentication in your swing client, after successfull loging from the user you can read from the server a string or hash function that will encrypt the credentials to the real one and the you can use them to connect to the DB.
or you can use this hash string as password that user must enter in order to reach the DB.
0

Featured Post

ScreenConnect 6.0 Free Trial

Explore all the enhancements in one game-changing release, ScreenConnect 6.0, based on partner feedback. New features include a redesigned UI, app configurations and chat acknowledgement to improve customer engagement!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Android studio getdrawable(int) is deprecated 4 86
arguments to jar 5 26
Error in @AspectJ Based AOP with Spring 2 13
going to wrong jsp page 2 21
INTRODUCTION Working with files is a moderately common task in Java.  For most projects hard coding the file names, using parameters in configuration files, or using command-line arguments is sufficient.   However, when your application has vi…
Java had always been an easily readable and understandable language.  Some relatively recent changes in the language seem to be changing this pretty fast, and anyone that had not seen any Java code for the last 5 years will possibly have issues unde…
This tutorial covers a practical example of lazy loading technique and early loading technique in a Singleton Design Pattern.
This tutorial will introduce the viewer to VisualVM for the Java platform application. This video explains an example program and covers the Overview, Monitor, and Heap Dump tabs.

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question