I’m developing an application which reads some data from a db.
The connection to the db is performed through standard login/password mechanism.
The problem is: how to store the db password?
If I store it as a class member, it can be easily retrieved through a decompiling operation.
I think that obfuscation doesn’t solve the problem, since a string password can be found easily also in obfuscated code.
Does anyone have suggestions?
Never hard-code passwords into your code. This was brought up recently in the Top 25 Most Dangerous Programming Mistakes.
You should store configuration information, including passwords, in a separate file that the application reads when it starts. That is the only real way to prevent the password from leaking as a result of decompilation (never compile it into the binary to begin with).
See this wonderful answer for a more detailed explanation: by William Brendel.
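One way to do what the answer recommends, as an added example that is not part of the original question or answer: the login and password live in a small JSON file outside the source tree, the application reads it at start-up, and it refuses to use the file if it is readable by other users. The path `/etc/myapp/db.json`, the environment variable `MYAPP_DB_CONFIG`, the key names and the sample credentials are all assumptions made for this example.

```python
import json
import os
import stat
import tempfile
from pathlib import Path

# Hypothetical location; the override variable lets a deployment point elsewhere.
CONFIG_PATH = Path(os.environ.get("MYAPP_DB_CONFIG", "/etc/myapp/db.json"))
REQUIRED_KEYS = ("host", "user", "password")


def load_db_credentials(path=CONFIG_PATH):
    """Read the db login data from a config file that is never compiled in.

    A file with group/other permission bits set is rejected rather than used,
    so a sloppy chmod does not quietly hand the password to every local user.
    """
    path = Path(path)
    mode = path.stat().st_mode
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} is accessible by other users; chmod 600 it")
    with path.open() as f:
        cfg = json.load(f)
    missing = [k for k in REQUIRED_KEYS if k not in cfg]
    if missing:
        raise KeyError(f"{path} is missing keys: {missing}")
    return cfg


def write_example_config(directory):
    """Write a constructed sample config with owner-only permissions."""
    p = Path(directory) / "db.json"
    # Constructed sample values, not real credentials.
    p.write_text(json.dumps({"host": "db.internal", "user": "app", "password": "s3cret"}))
    p.chmod(0o600)
    return p


def demo():
    """End-to-end run in a temporary directory.

    Returns (user read from a correctly protected file,
             True if the loader rejected the same file once it was world-readable).
    """
    with tempfile.TemporaryDirectory() as d:
        p = write_example_config(d)
        user = load_db_credentials(p)["user"]
        p.chmod(0o644)  # simulate a careless deployment
        try:
            load_db_credentials(p)
            rejected = False
        except PermissionError:
            rejected = True
    return user, rejected


if __name__ == "__main__":
    print(demo())
```

Keeping the secret out of the binary only stops the decompiling attack the question describes; anyone who can read the config file (or the process memory) still gets the password, so the file's ownership and mode are what actually protect it on the host.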