How to hide password to MySQL database from people using the program

java mysql sql sql-server jdbc
10,394

Solution 1

When you give your users direct access to your database, then you have to remember that you have given them direct access to your database. You cannot change that. No amount of encryption or obfuscation can take that away that they have access to your database.

So you need to consider, do you really want them to have access to your database?

  • If you do want to give database access, make sure the permissions are set correctly. For example, if they only need read access, make sure that the user you have given them only has read access.

  • If you don't actually want them to access the database directly but you want them to have access to the data then don't put the database password in your program at all. You might for example want to set up a web service in front of your database and have your users query the web service. The web service would have the database password, but your users would not.

Solution 2

You don't. This is why static passwords are bad.

Typically what you do in an enterprise environment is authenticate to the database using external authentication methods (e.g., LDAP, Active Directory) and then using groups you determine the level of access your users require.

MySQL does support external authentication methods. MS SQL Server does as well.

Share:
10,394
Braden Steffaniak
Author by

Braden Steffaniak

Updated on June 09, 2022

Comments

  • Braden Steffaniak
    Braden Steffaniak about 2 years

    I created a java program with JDBC that successfully connects to my computer server's MySQL database like this:

        try
    {
        // The newInstance() call is a work around for some
        // broken Java implementations

        Class.forName("com.mysql.jdbc.Driver").newInstance();
    }
    catch (Exception ex)
    {
        // handle the error
    }

    try
    {
        conn = DriverManager.getConnection(("jdbc:mysql://191.168.1.15:3306/databasename"), "username", "password");

        // Do something with the Connection
    }
    catch (SQLException ex)
    {
        // handle any errors
        System.out.println("SQLException: " + ex.getMessage());
        System.out.println("SQLState: " + ex.getSQLState());
        System.out.println("VendorError: " + ex.getErrorCode());
    }

    However, if someone who wanted to figure out the password, it would be very simple with any java decompiler. How would I be able to prevent them from finding the password, or username even, for that matter?

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How to fetch entire row as array of objects with JDBC
JDBC - How to insert a string value
JDBC java.sql.Date() comparison is giving false
Caching in JDBC
Java PreparedStatement: com.microsoft.sqlserver.jdbc.SQLServerException, index out of range
Connect JDBC with SQL Server
java.sql.SQLException: Access denied for user 'root'@'localhost' (using password: YES)
Get "jdbc.SQLServerException: Incorrect syntax near ','" error when exececute PreparedStatement
SQL Server Database Connection Errors
java.sql.SQLException: No value specified for parameter 5, but the string length is 4, not 5