Java - encrypt / decrypt user name and password from a configuration file
- by nzpcmad
We are busy developing a Java web service for a client. There are two possible choices:
Store the encrypted user name / password on the web service client. Read from a config. file on the client side, decrypt and send.
Store the encrypted user name / password on the web server. Read from a config. file on the web server, decrypt and use in the web service.
The user name / password is used by the web service to access a third-party application.
The client already has classes that provide this functionality but this approach involves sending the user name / password in the clear (albeit within the intranet). They would prefer storing the info. within the web service but don't really want to pay for something they already have. (Security is not a big consideration because it's only within their intranet).
So we need something quick and easy in Java.
Any recommendations?
The server is Tomkat 5.5. The web service is Axis2.
What encrypt / decrypt package should we use?
What about a key store?
What configuration mechanism should we use?
Will this be easy to deploy?