問題描述

我正在創建一個應用程序，我需要連接到一個數據庫.數據庫需要登錄名/密碼，因此應用程序可以執行選擇和插入等操作.

I am creating an application and I need to connect to a database. The database requires login/password so the application can do operations like select and insert.

在應用程序中我需要使用登錄名和密碼連接到數據庫，因此應用程序可以自由地對數據庫執行一些任務.我的問題是:如何在不暴露密碼的情況下存儲和使用密碼連接數據庫?

In the application I need to connect to the database using login and password, so the application is free to do some tasks on the database. My question is: how do I store and use a password to connect to the database without exposing the password?

我不能簡單地使用哈希或加密來存儲密碼，因為數據庫必須識別密碼(我認為大多數或所有數據庫都必須以純文本形式接收密碼).

I can't simply use a hash or encryption to store the password because the database must recognize the password (I think most or all databases must receive password as plain text).

.

.

注意:連接是由應用程序建立的.無需人工輸入即可進行連接.

Note: The connection is made by the application. No human input to do the connection.

(編輯)關于應用程序的更多信息:它是一個使用 servlets/jsp 的 Web 應用程序.數據庫位于應用程序的同一臺服務器上.應用程序的用戶是默認用戶，沒有完全的管理權限，但它可以插入/刪除行并執行大多數涉及查詢和表中數據修改的事情.

(Edit)More info about the application: it is a web application using servlets/jsp. The database is on the same server of the application. The user for the application is a default user without complete admin powers, but it may insert/delete rows and do most things that involve queries and data modification in tables.

推薦答案

通常的做法是將用戶名/密碼外部化為 property/config 文件，在運行時讀取(無論您是否使用本機 JDBC/JNDI/CDI/J2EE 數據源/等).

The usual way this is done is to externalize the username/password to a property/config file which is read at runtime (whether or not you use native JDBC/JNDI/CDI/J2EE datasource/etc).

系統管理員通過操作系統安全保護文件.

The file is protected via the O/S security by the sysadmins.

操作系統有比應用代碼更好的保護工具.

The O/S has better tools for protection than app code.

這篇關于如何在不暴露密碼的情況下連接到需要密碼的數據庫?的文章就介紹到這了，希望我們推薦的答案對大家有所幫助，也希望大家多多支持html5模板網！