This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes Servlets and the fly likes Correct place to store the DB credentials Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Correct place to store the DB credentials" Watch "Correct place to store the DB credentials" New topic
Author

Correct place to store the DB credentials

Maneesh Godbole
Saloon Keeper

Joined: Jul 26, 2007
Posts: 10172
    
    8

I got one servlet based application, which connects to a DB among other things.
Right now I am hardcoding the DB credentials.

We will soon be shifting to Beta phase, where the application will be test deployed at multiple client sites. Obviously the DB credentials need to be changed for every site.
I was wondering if the web.xml is the correct place to put these credentials? This would certainly avoid me the hassle of rebuilding it every time, but I am not really comfortable with the credentials lying out in a human readable format.
I am being paranoid over this, considering that the web.xml is not accessible to the public?


[How to ask questions] [Donate a pint, save a life!] [Onff-turn it on!]
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60804
    
  65

As we're using Hibernate, the credentials never appear at he UI layer, but in other situations I've tended to put then in external properties files.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
Maneesh Godbole
Saloon Keeper

Joined: Jul 26, 2007
Posts: 10172
    
    8

Hibernate is not applicable in my scenario.

Any particular reason for the properties file instead of the web.xml? Are there any problems if they are in the web.xml?
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41150
    
  45
I'd second putting stuff into properties files instead of web.xml. DB configuration has nothing to do with web setup (which is what web.xml is about).

These days, the only parameter I keep in web.xml is the name of the properties file that has all the configuration data.


Ping & DNS - my free Android networking tools app
Maneesh Godbole
Saloon Keeper

Joined: Jul 26, 2007
Posts: 10172
    
    8

Ok.
Thanks Bear, Ulf for the input.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Correct place to store the DB credentials
 
Similar Threads
Identifying a new physical connection versus a logical connection in a jdbc connection pool
Login page security using Servlet
issue with duke bank application
EJB, JDBC Realm, Session tracking
Glasfish: JDBC Realm and Session Tracking.