Home > Others

Encrypt the user name password in the JDBC configuration file

Source: Internet
Author: User
Tags apache tomcat
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >
The original address http://blog.csdn.net/ziwen00/article/details/10729683 the items we use are often this way: [HTML]View Plain copy print? <bean id= "DataSource" class= "Org.apache.commons.dbcp.BasicDataSource" destroy-method= "Close" P:driverclass Name= "Oracle.jdbc.driver.OracleDriver" p:url= "JDBC:ORACLE:THIN:@127.0.0.1:1523:ORCL" p:username= "CZW" p :p assword= "CZW"/> 
<bean id= "DataSource" class= "Org.apache.commons.dbcp.BasicDataSource"
	destroy-method= "Close" 
	p: Driverclassname= "Oracle.jdbc.driver.OracleDriver"
	p:url= "JDBC:ORACLE:THIN:@127.0.0.1:1523:ORCL" 
	p: Username= "CZW"
	p:password= "CZW"/>


There will be a fatal problem, if you have a middleware server machine access to the person, see this example Applicationcontext.xml file, and open the file, the IQ of the person will also know what the database user name and password is. This is necessary for the safety of the industry must be eliminated, this is a general technical interview will ask a question. So let's go ahead and answer the question.
First, we need to extract the configuration file into the property: [HTML] View Plain copy print? <bean class= "Org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"         p:location= "Classpath:jdbc.properties"        p:fileencoding= " Utf-8 "       />          <bean  Id= "DataSource"  class= "Org.apache.commons.dbcp.BasicDataSource"         Destroy-method= "Close"         p:driverclassname= "${driverclassname}"         p:url= "${url}"         p:username= "${username}"        p:password= "${password}"  />   
<bean class= "Org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"
  	p:location= " Classpath:jdbc.properties "
  	p:fileencoding=" Utf-8 "
  	/>
  	
<bean id=" DataSource "class=" Org.apache.commons.dbcp.BasicDataSource "
	destroy-method=" close " 
	p:driverclassname=" ${driverclassname} "
	p:url= "${url}" 
	p:username= "${username}" p:password=
	"${password}"/>


By modifying the first code above to the second code, the first class is responsible for fetching the properties in Jdbc.properties and populating it with datasource so that we can focus all our attention on jdbc.properties.
The question below is how to turn jdbc.properties into an invisible character. We only need to extend the decryption method of the Propertyplaceholderconfigurer parent class Propertyresourceconfigurer Convertproperty:
[HTML] View Plain copy print? package com.carddemo.commonutil;      import  org.springframework.beans.factory.config.propertyplaceholderconfigurer;      public  class convertpwdpropertyconfigurer extends propertyplaceholderconfigurer{         @Override        protected string convertproperty ( String propertyname, string propertyvalue)  {            system.out.println ("==================" +propertyname+ ":" +propertyvalue);            if ("UserName". Equals (PropertyName)) {                return  "CZW";            }           if ("Password". Equals ( PropertyName)) {   &NBSP;&Nbsp;          return  "CZW";            }           return  propertyvalue;       }  }   
Package com.cardDemo.commonUtil;

Import Org.springframework.beans.factory.config.PropertyPlaceholderConfigurer;

public class Convertpwdpropertyconfigurer extends propertyplaceholderconfigurer{
	@Override
	protected String Convertproperty (String propertyname, String propertyvalue) {
		System.out.println ("==================" + Propertyname+ ":" +propertyvalue);
		if ("UserName". Equals (PropertyName)) {
			return "CZW";
		}
		if ("Password". Equals (PropertyName)) {
			return "CZW";
		}
		return propertyvalue;
	}
}


Then replace the above completed class with the Propertyplaceholderconfigurer in the configuration file:
[HTML]View Plain copy print? <bean class= "Com.cardDemo.commonUtil.ConvertPwdPropertyConfigurer" p:location= "Classpath:jdbc.properties" p : fileencoding= "Utf-8"/> 
<bean class= "Com.cardDemo.commonUtil.ConvertPwdPropertyConfigurer"
	p:location= "classpath:jdbc.properties "
	p:fileencoding=" Utf-8 "
	/>



In fact, in my just demo project, the files inside the jdbc.properties are as follows:
[Java]View Plain copy print? Driverclassname=oracle.jdbc.driver.oracledriver URL=JDBC:ORACLE:THIN:@127.0.0.1:1523:ORCL userName= Someoneelseunknowusername PASSWORD=SOMEPWDELSEUNKNOWPASSOWRD 
Driverclassname=oracle.jdbc.driver.oracledriver
URL=JDBC:ORACLE:THIN:@127.0.0.1:1523:ORCL
userName= Someoneelseunknowusername
PASSWORD=SOMEPWDELSEUNKNOWPASSOWRD



In fact, the real password is the Czw/czw,web program run time, display the following content:
2013-8-31 13:26:12 org.apache.catalina.core.StandardEngine Start info: Starting Servlet engine:apache tomcat/6.0.18 2013-8-31 13:26:14 org.apache.catalina.core.ApplicationContext Log info: Initializing Spring Root webapplicationcontext = =================URL:JDBC:ORACLE:THIN:@127.0.0.1:1523:ORCL ==================PASSWORD:SOMEPWDELSEUNKNOWPASSOWRD ==================driverclassname:oracle.jdbc.driver.oracledriver ==================username: Someoneelseunknowusername 2013-8-31 13:26:17 org.apache.catalina.core.ApplicationContext log info: Initializing Spring Frameworkservlet ' Carddemo ' 2013-8-31 13:26:18 org.apache.coyote.http11.Http11Protocol start info: Starting Coyote http/ 1.1 on http-8080 2013-8-31 13:26:18 org.apache.jk.common.ChannelSocket init info: jk:ajp13 listening on/0.0.0.0:8009
However, the content obtained in DataSource is the correct user name and password after the replacement. This is just a very simple example, just tell us a way to solve the database user name and password encryption, for example, we can write some more complex logic in the Propertyplaceholderconfigurer subclass, For example, according to Jdbc.properties in the configuration of the files in various means of encryption. In which the user name and password in Jdbc.propertes are replaced by other means, and so on.
Author Chen (keen to Pm\oracle\java, etc., welcome peer Exchange) Email:ziwen@163.com qq:409020100
If a technical interviewer asks you again, how to hide the user name and password in the configuration file, I want to be able to say this idea, if you can mention the Convertproperty method in Propertyplaceholderconfigurer subclasses, It was even more brilliant.

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
get the permalink how to encrypt and decrypt password in batch file openssl encrypt file with password how to encrypt rar file with password how to encrypt password in php how to encrypt password in java http user password in url

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More