Menu
I'm using the following code to initialize database connection:
public Connection getConnection() {
try {
if (null == connection) {
String driverName = "com.mysql.jdbc.Driver"; // MySQL MM JDBC driver
Class.forName(driverName);
// Create a connection to the database
String serverName = "localhost";
String database = "database";
String url = "jdbc:mysql://" + serverName + "/" + mydatabase; // a JDBC url
String username = "username";
String password = "password";
connection = DriverManager.getConnection(url, username, password);
}
return connection;
} catch (ClassNotFoundException cnfe) {
cnfe.printStackTrace();
} catch (SQLException sqle) {
sqle.printStackTrace();
}
throw new NullPointerException("Cannot establish database connection...");
}
and I know it's bad practice to do it, also I ran FindBugs against the code, and got the security issue saying the following:
This code creates a database connect using a hardcoded, constant password. Anyone with access to either the source code or the compiled code can easily learn the password.
What's the best way to initialize database connection without having this security breach?
741
Read the password from a properties file or LDAP or similar and secure access to those to only the account used to run the software (which none of the developers should have access to).
84
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
