cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
AmyZ
Viewer

best practice to protect Database connection password

Storing DB connection password in plain text in config file is very common way, but we know it's not secure. what's the best practices to protect DB password? thanks.
2 Replies
sureshdr
Viewer

Hi, The technique will vary based on language and environment that you are deploying. Perhaps you can provide further information on this?
AmyZ
Viewer

yes, indeed. two situation here, one is developing by Java, one is developing by php or some other scripting language. the same function is they all need to connect to database to update data. the encryption principle is separating key and cipher text. for java, there is a way to secure DB password as below: 1. generate a root key and a instance key 2. encrypt DB password by instance key and store it in config file 3. encrypt instance key by root key and store it in config file 4. keep root key in other server and get them when require after authenticated please let me know your advice, thx.