- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-18-2017
05:29 AM
10-18-2017
05:29 AM
best practice to protect Database connection password
Storing DB connection password in plain text in config file is very common way, but we know it's not secure. what's the best practices to protect DB password? thanks.
2 Replies
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-18-2017
09:44 AM
10-18-2017
09:44 AM
Hi, The technique will vary based on language and environment that you are deploying. Perhaps you can provide further information on this?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-18-2017
09:56 PM
10-18-2017
09:56 PM
yes, indeed. two situation here, one is developing by Java, one is developing by php or some other scripting language. the same function is they all need to connect to database to update data. the encryption principle is separating key and cipher text. for java, there is a way to secure DB password as below: 1. generate a root key and a instance key 2. encrypt DB password by instance key and store it in config file 3. encrypt instance key by root key and store it in config file 4. keep root key in other server and get them when require after authenticated please let me know your advice, thx.