How to protect database username and password in shared hosting enviornment using spring
<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource" >
<property name="driverClassName"><value>com.mysql.jdbc.Driver</value></property>
<property name="url"><value>jdbc:mysql:///BUSINESS</value></property>
<property name="username"><value>root</value></property>
<property name="password"><value>password</value></property>
</bean>
I am not aware of any Spring specific solution for this.
In a shared hosting environment one should make sure that file’s aren’t public readable so other users can’t view the content of you’re files. In case of a shared application server, the app server should be in the same group, so only the application server gets access to you’re files.
An application should never use a MySql root password. You should create an MySql account with limited rights on a specific schema (for example an user that can only do DML statements and not DDL statements).
To keep the username/password out of a plain text file you could hardcode the configuration in a Java class (This is basicaly security through obscurity). Replacement configuration:
And add this class to you’re class path