Supposing I have a web project on a server (as a war file) for example,
and this code requires my googlemail password so that it can send emails via smtp.
Currently I would just put my password in with the code (hard coding it in).
But if the war file could be downloaded from the site, then possibly the password could be retrieved.
So I'm thinking possibly put the password in the SQL database on the same server, and then just retrieve it when needed.
Also I was looking at encryption and decryption, but I don't know how that would help. I think I need to store the password in the database where it's safe.
colin shuker wrote: But if the war file could be downloaded from site, then possibly the password could be retrieved.
True. But web sites typically don't allow that. Do you have one which does? Then you really ought to stop allowing it. If not, then what's the concern?
colin shuker
Thanks, I am able to download my war files from my website.
I just put them in the root directory, and when I enter www.mysitename.com/warfilename.war
I am able to download.
I'm not sure how one would prevent this.
Any thoughts? Thanks
colin shuker
Ok, seems I can turn off the 'read' option in the file permissions, and this works.
"Any fool can write code that a computer can understand. Good programmers write code that humans can understand." --- Martin Fowler
Please correct my English.
I suggest you follow this thread as well. It handles roughly the same issue.
I'll repeat my suggestion from that thread: put your sensitive configuration files in the WEB-INF folder. According to the servlet container specification, none of the files and folders inside may be accessible directly through requests, only through JSP / servlet code.