Home/ Questions/Q 7865685
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-03T00:09:54+00:00

I have a java application that connects to a database. The user name and

  • 0

I have a java application that connects to a database.
The user name and password for the database are stored in a properties file.
What is the common practice to avoid storing the password in cleartext in the properties file while still retaining the option to let the user change it?
The main motivation here is to prevent someone looking over the admin’s shoulder and seeing the password while the admin is editing the properties file.
I read here that there’s a built in way to do it in C#.
Knowing java, I don’t expect to find a built in solution but I’d like to hear what other people are doing.
If I don’t find any good choice then I am probably going to encrypt it with a constant password that will be kept in the code. But I’d hate to do it this way because it feels wrong.

Edit Dec 12th 2012
Looks like there is no magic and I must store the password in the code or something similar.
At the end we implemented something very similar to what Jasypt that was mentioned in one of the answers does.
So I’m accepting the Jasypt answer because it is the closest thing to a definite answer.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    enter image description here

    Jasypt provides the org.jasypt.properties.EncryptableProperties class for loading, managing and transparently decrypting encrypted values in .properties files, allowing the mix of both encrypted and not-encrypted values in the same file.

    http://www.jasypt.org/encrypting-configuration.html

    By using an org.jasypt.properties.EncryptableProperties object, an
    application would be able to correctly read and use a .properties file
    like this:

    datasource.driver=com.mysql.jdbc.Driver 
datasource.url=jdbc:mysql://localhost/reportsdb 
datasource.username=reportsUser 
datasource.password=ENC(G6N718UuyPE5bHyWKyuLQSm02auQPUtm)

    Note that
    the database password is encrypted (in fact, any other property could
    also be encrypted, be it related with database configuration or not).

    How do we read this value? like this:

    /*
* First, create (or ask some other component for) the adequate encryptor for   
* decrypting the values in our .properties file.   
*/  
StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor();     
encryptor.setPassword("jasypt"); // could be got from web, env variable...    
/*   
* Create our EncryptableProperties object and load it the usual way.   
*/  
Properties props = new EncryptableProperties(encryptor);  
props.load(new FileInputStream("/path/to/my/configuration.properties"));

/*   
* To get a non-encrypted value, we just get it with getProperty...   
*/  
String datasourceUsername = props.getProperty("datasource.username");

/*   
* ...and to get an encrypted value, we do exactly the same. Decryption will   
* be transparently performed behind the scenes.   
*/ 
String datasourcePassword = props.getProperty("datasource.password");

 // From now on, datasourcePassword equals "reports_passwd"...
    • 0