How do you handle passwords or credentials for standalone applications?

Posted by Abel Morelos on Stack Overflow See other posts from Stack Overflow or by Abel Morelos
Published on 2010-04-20T18:03:40Z Indexed on 2010/05/12 1:04 UTC
Read the original article Hit count: 222

Filed under:

best-practices

|

password-protection

|

configuration

Let's say that you have a standalone application (a Java application in my case) and that this application has a configuration file (a XML file in my case) where you store the credentials (user and password) for a bunch of databases you need to connect.

Everything works great, but now you discover (or your are given a new requirement like me) that you have to put this application in a different server and that you can't have these credentials in the configuration files because of security and/or compliance considerations.

I'm considering to use data sources hosted in the application server (a WAS server), but I think this could have poor performance and maybe it's not the best approach since I'm connecting from a standalone application.

I was also considering to use some sort of encryption, but I would like to keep things as simple as possible.

How would you handle this case? Where would you put these credentials or protect them from being compromised? Or how would you connect to your databases in this scenario?

© Stack Overflow or respective owner

Related posts about best-practices

Batch Best Practices and Technical Best Practices Updated

as seen on Oracle Blogs - Search for 'Oracle Blogs'
The Batch Best Practices for Oracle Utilities Application Framework based products (Doc Id: 836362.1) and Technical Best Practices for Oracle Utilities Application Framework Based Products (Doc Id: 560367.1) have been updated with updated and new advice for the various versions of the Oracle… >>> More
Partial template specialization of free functions - best practices

as seen on Stack Overflow - Search for 'Stack Overflow'
As most C++ programmers should know, partial template specialization of free functions is disallowed. For example, the following is illegal C++: template <class T, int N> T mul(const T& x) { return x * N; } template <class T> T mul<T, 0>(const T& x) { return T(0); } //… >>> More
Object Oriented PHP Best Practices

as seen on Stack Overflow - Search for 'Stack Overflow'
Say I have a class which represents a person, a variable within that class would be $name. Previously, In my scripts I would create an instance of the object then set the name by just using: $object->name = "x"; However, I was told this was not best practice? That I should have a function set_name()… >>> More
Good place to look for example Database Designs - Best practices

as seen on Stack Overflow - Search for 'Stack Overflow'
I have been given the task to design a database to store a lot of information for our company. Because the task is rather big and contains multiple modules where users should be able to do stuff, I'm worried about designing a good data model for this. I just don't want to end up with a badly designed… >>> More
Notification Email Best Practices--From Server Setup to Programming

as seen on Stack Overflow - Search for 'Stack Overflow'
All, I'm in the process now of building a SaaS tool that allows network admins to generate notification emails to the members of the end-users of our platform (among many many other things). I'm running into a bit of an "out of my expertise" wall, as I know there are a lot of variables involved… >>> More

Related posts about password-protection

How good is PDF password protection?

as seen on Super User - Search for 'Super User'
It appears that Word's password protection is not really good, at least until Office 2003, if I read this SU entry correctly. I'm under the impression that Acrobat's PDF password protection should be better (it says 128-bit AES for Acrobat 7 and higher). Is that true? Of course, it depends on the… >>> More
How to remove password protection from compressed files

as seen on Super User - Search for 'Super User'
This has always been a problem for me for a long time. Let's see if any SuperUser can solve this: I have a directory in which there are lots of password protected .RAR files of which I know the passwords. I want to remove the password protection from all of them without extracting the contents… >>> More
How good is Word's password protection?

as seen on Super User - Search for 'Super User'
Hi, I have a password protected MS-Word 2007 file that needs to stay private. How good is Word's protection? If it's not very good, can you suggest a better method for keeping the file protected? EDIT: my goal is to send the protected file to a recipient (who knows the password). I assume this recipient… >>> More
PHP password protection question?

as seen on Stack Overflow - Search for 'Stack Overflow'
How do I use the sha512 function for PHP? Can I replace all my md5 funtions with the sha512 function? Do I have to download something if so what? Can any one provide examples? Thanks! >>> More
Password protection by .htaccess file not working after deployment on a new server

as seen on Stack Overflow - Search for 'Stack Overflow'
Hello, I migrated my application to a new server (from a VPS to a dedicated) yesterday and the password protection which was working correctly on the previous server (using .htaccess file - asking username/pass) doesn't work anymore : anyone can access the website without being asked to enter a username… >>> More