How do you handle passwords or credentials for standalone applications?
Posted
by Abel Morelos
on Stack Overflow
See other posts from Stack Overflow
or by Abel Morelos
Published on 2010-04-20T18:03:40Z
Indexed on
2010/05/12
1:04 UTC
Read the original article
Hit count: 250
Let's say that you have a standalone application (a Java application in my case) and that this application has a configuration file (a XML file in my case) where you store the credentials (user and password) for a bunch of databases you need to connect.
Everything works great, but now you discover (or your are given a new requirement like me) that you have to put this application in a different server and that you can't have these credentials in the configuration files because of security and/or compliance considerations.
I'm considering to use data sources hosted in the application server (a WAS server), but I think this could have poor performance and maybe it's not the best approach since I'm connecting from a standalone application.
I was also considering to use some sort of encryption, but I would like to keep things as simple as possible.
How would you handle this case? Where would you put these credentials or protect them from being compromised? Or how would you connect to your databases in this scenario?
© Stack Overflow or respective owner