cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Viewer

best practice to protect Database connection password

Storing DB connection password in plain text in config file is very common way, but we know it's not secure. what's the best practices to protect DB password? thanks.
2 Replies
Highlighted
Viewer

Re: best practice to protect Database connection password

Hi, The technique will vary based on language and environment that you are deploying. Perhaps you can provide further information on this?
Highlighted
Viewer

Re: best practice to protect Database connection password

yes, indeed. two situation here, one is developing by Java, one is developing by php or some other scripting language. the same function is they all need to connect to database to update data. the encryption principle is separating key and cipher text. for java, there is a way to secure DB password as below: 1. generate a root key and a instance key 2. encrypt DB password by instance key and store it in config file 3. encrypt instance key by root key and store it in config file 4. keep root key in other server and get them when require after authenticated please let me know your advice, thx.