How do you handle passwords or credentials for standalone applications?

Posted by Abel Morelos on Stack Overflow
Published on 2010-04-20T18:03:40Z Indexed on 2010/05/12 1:04 UTC

Let's say that you have a standalone application (a Java application in my case) and that this application has a configuration file (an XML file in my case) where you store the credentials (user and password) for a bunch of databases you need to connect to.

Everything works great, but now you discover (or you are given a new requirement, like me) that you have to put this application on a different server and that you can't have these credentials in the configuration files because of security and/or compliance considerations.

I'm considering using data sources hosted in the application server (a WAS server), but I think this could have poor performance and maybe it's not the best approach since I'm connecting from a standalone application.

I was also considering using some sort of encryption, but I would like to keep things as simple as possible.

How would you handle this case? Where would you put these credentials or protect them from being compromised? Or how would you connect to your databases in this scenario?
