How to correctly collect database login info?

Discussion in 'Plugin Development' started by RcExtract, Apr 4, 2018.

Thread Status:
Not open for further replies.
  1. Offline

    RcExtract

    So connecting to the database requires host, username, and password. How can i collect them so none of the third parties can view it except native java? (others can access the config file)
     
  2. Offline

    timtower Moderator Moderator

    @RcExtract Can't limit something to a certain language. You can encrypt it though, but that brings other issues.
     
  3. Offline

    RcExtract

    Ok. (What issues? Like storing the key?) Well then, how should i store the data without being accessible by server administrators?
     
  4. Offline

    timtower Moderator Moderator

    @RcExtract The data not being accessible anymore from flat file.
    Why do you want to store it without being accessible by server admins?
     
  5. Offline

    RcExtract

    Because some server owners may not want other administrators to know the database host, user and password.
    Also, flat file is accessible because it stores characters. Just there isnt a default program to open it.
     
    Last edited: Apr 5, 2018
  6. Offline

    timtower Moderator Moderator

    Then they shouldn't give the admin access to the file system.
    There is not a single way that you can make that isn't reversible.
     
  7. Offline

    RcExtract

    Where does java.util.prefs store the preferences?
     
  8. Offline

    timtower Moderator Moderator

    Don't know, didn't knew it existed.
     
  9. Offline

    RcExtract

    Ok i finally found the answer. The preferences are registered in HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Prefs and HKEY_CURRENT_USER\Software\JavaSoft\Prefs. For Windows, they are Windows Registry. I think this is the safest way to store the host, user and password. But this does not solve about how to collect data safely.
     
  10. Offline

    timtower Moderator Moderator

    @RcExtract Might not have access to that from the server with certain hosts.
    Does it also work on linux?
     
  11. Offline

    RcExtract

    So thats why there is a BackingStoreException. Thank you. I will make edits.
    Yes, it works on linux.
     
  12. Offline

    inventor02

    Just my two cents but perhaps if you don't want your server administrators accessing the database then there is a problem much larger than keeping your credentials secure? The entire point of server administrators AFAIK is to administrate the server, and they can't administrate the server effectively if they don't have access to parts of it.

    tl;dr; if you don't trust your server admin they shouldn't be a server admin probably.

    Anyway, that's just my opinion.
     
    RcExtract likes this.
Thread Status:
Not open for further replies.

Share This Page