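What is the securest way of accessing a JavaDB/Derby database from a Java app?
I've recently been trying to create a secure way to access an embedded database without revealing the username and password to anyone who knows how to read .class files. I know almost nothing about security, so any help, tips, or suggestions would be useful.
PS: I don't have any other security configuration, so if you have more security tips, I'd appreciate those as well.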
// Imports needed by this method (javax.persistence assumed; newer JPA versions use jakarta.persistence).
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.persistence.EntityExistsException;
import javax.persistence.EntityManager;
import javax.persistence.EntityManagerFactory;
import javax.persistence.EntityTransaction;
import javax.persistence.Persistence;
import javax.persistence.RollbackException;
import javax.persistence.TransactionRequiredException;

public void initializeDatabase() {
    System.setProperty("derby.system.home", ".\\Data");
    // Credentials hard-coded in the class file: this is what the question is about.
    final String userAndPassword = "user=userName;password=strongPassword";
    final String databaseURL = "jdbc:derby:directory:MyDerbyDB;" + userAndPassword;
    // Opens the database connection.
    try (Connection connection1 = DriverManager.getConnection(databaseURL)) {
    } catch (SQLException exception1) {
        if (exception1.getSQLState().equals("XJ004")) { // Database not found.
            // Creates the database if it doesn't exist.
            try (Connection connection2 = DriverManager.getConnection(databaseURL + ";create=true")) {
            } catch (SQLException exception2) {
                Logger.getLogger(ElVecino.class.getName()).log(Level.SEVERE, null, exception2);
                System.exit(1);
            }
            // Create and initialize the database's tables.
            EntityManagerFactory emf = Persistence.createEntityManagerFactory("ElVecinoPU");
            EntityManager em = emf.createEntityManager();
            EntityTransaction et = em.getTransaction();
            try {
                et.begin();
                em.persist(new Category("A random category 1"));
                em.persist(new Category("A random category 2"));
                et.commit();
            } catch (IllegalStateException | EntityExistsException
                    | TransactionRequiredException | RollbackException e) {
                Logger.getLogger(ElVecino.class.getName()).log(Level.SEVERE, null, e);
                // After a failed commit the transaction may already be inactive;
                // calling rollback() then would throw IllegalStateException.
                if (et.isActive()) {
                    et.rollback();
                }
            } finally {
                em.close();
                emf.close();
            }
        } else {
            Logger.getLogger(ElVecino.class.getName()).log(Level.SEVERE, null, exception1);
            System.exit(1);
        }
    }
    // Closes the database connection.
    try {
        DriverManager.getConnection(databaseURL + ";shutdown=true");
        //DriverManager.getConnection("jdbc:derby:;" + userAndPassword + ";shutdown=true");
    } catch (SQLException exception) {
        switch (exception.getSQLState()) {
            case "08006": // Database shutdown.
            case "XJ015": // Derby system shutdown.
                break;
            default:
                Logger.getLogger(ElVecino.class.getName()).log(Level.SEVERE, null, exception);
                System.exit(1);
        }
    }
}
I wouldn't store the credentials in the source code at all. Instead, retrieve them from an external directory via JNDI:
https://db.apache.org/derby/docs/10.3/devguide/cdevcsecure38522.html
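A sketch of the approach the answer describes, added here as an example and not part of the original answer: Derby is told to check credentials against an LDAP directory, and the user name and password are typed in at run time instead of being compiled into the class. The class name, the LDAP server URL and the search base are hypothetical placeholders, and an interactive console is assumed.

```java
import java.io.Console;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.util.Arrays;
import java.util.Properties;

public class DerbyLdapLogin { // hypothetical class name
    public static void main(String[] args) throws SQLException {
        // Derby system-wide properties, set before the engine boots:
        // require authentication and delegate the check to an LDAP
        // directory, which Derby reaches through JNDI.
        System.setProperty("derby.system.home", "Data");
        System.setProperty("derby.connection.requireAuthentication", "true");
        System.setProperty("derby.authentication.provider", "LDAP");
        // Placeholder server and search base; replace with your directory.
        System.setProperty("derby.authentication.server", "ldaps://ldap.example.com:636");
        System.setProperty("derby.authentication.ldap.searchBase", "ou=people,dc=example,dc=com");

        Console console = System.console();
        if (console == null) {
            throw new IllegalStateException("No interactive console; cannot prompt for credentials");
        }
        String user = console.readLine("Database user: ");
        char[] password = console.readPassword("Password: "); // input is not echoed

        // Credentials travel in a Properties object rather than in the JDBC
        // URL, so they are neither a string constant in the .class file nor
        // part of a URL that might end up in a log.
        Properties credentials = new Properties();
        credentials.setProperty("user", user);
        credentials.setProperty("password", new String(password));
        Arrays.fill(password, '\0'); // wipe the char[] copy

        try (Connection connection =
                DriverManager.getConnection("jdbc:derby:directory:MyDerbyDB", credentials)) {
            System.out.println("Connected as " + connection.getMetaData().getUserName());
        } finally {
            credentials.clear();
        }
    }
}
```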