• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Class files

 
Ranch Hand
Posts: 32
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi all,
I came across a very weird thing today. I have a class that holds all the variables that gets used all over the application, eg. the database password and username.
But today I opened a class file with Wordpad and when I do a search for the password it is there, along with the username.
Why is this? And is there a way of stopping it?
Tys
 
author and iconoclast
Posts: 24207
46
Mac OS X Eclipse IDE Chrome
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Were you expecting the .class files to be encrypted? The situation would be the same in any other language, not just Java. If you compile sensitive data into an executable form, that data will be trivially easy to extract. Instead, either encrypt the stored data, in which case the user would have to enter a key to allow the data to be decrypted, or simply require the user to supply the password itself at runtime.
 
Tys Seyffert
Ranch Hand
Posts: 32
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Were you expecting the .class files to be encrypted? The situation would be the same in any other language, not just Java. If you compile sensitive data into an executable form, that data will be trivially easy to extract. Instead, either encrypt the stored data, in which case the user would have to enter a key to allow the data to be decrypted, or simply require the user to supply the password itself at runtime.
Thank you Ernest.
The password is set before the time and only our company knows what it is. So setting it at compile time isn't possible. Any other ideas?
 
reply
    Bookmark Topic Watch Topic
  • New Topic