Encode bytes to base64 to get a string Public final String encrypt(final String message)Ĭipher.init(Cipher.ENCRYPT_MODE, key, PARAM_SPEC) įinal byte enc = cipher.doFinal(message.getBytes("UTF8")) Throw new RuntimeException("Could not create DesEncrypter: " + ex.getMessage(), ex) KeySpec = new PBEKeySpec(passPhrase.toCharArray(), SALT, ITERATION_COUNT) Public DesEncrypter(final String passPhrase) Private static final AlgorithmParameterSpec PARAM_SPEC = new PBEParameterSpec( You can use this to generate your password: import If you use the unlimited JCE Policy, you can also use better encryption algorithm but since we do nothing more than obfuscation, this will do the trick and won't let you end up with debugging sessions. Return nvertPropertyValue(originalValue) Return decrypt("", originalValue.substring(2)) If (StringUtils.isNotBlank(originalValue) & originalValue.startsWith(ENCRYPTIGION_LEADIN)) Return String convertPropertyValue(final String originalValue) Throw new EncrypterException("Error decrypting content.", e) Result = new String(cipher.doFinal(dec), "UTF-8") Throw new EncrypterException("Message is not a valid base64 message.") įinal Cipher cipher = Cipher.getInstance(ALGORITHM) Ĭipher.init(Cipher.DECRYPT_MODE, key, PARAM_SPEC) įinal byte dec = codeBase64(message) Throw new EncrypterException("Error setting up encryption details.", e) Key = SecretKeyFactory.getInstance(ALGORITHM).generateSecret(keySpec) Private static String decrypt(final String passPhrase, final String message)įinal KeySpec keySpec = new PBEKeySpec(passPhrase.toCharArray(), SALT, ITERATION_COUNT) Public EncrypterException(final String message) Public EncrypterException(final String message, final Throwable cause) Private static final long serialVersionUID = -7336009350594115318L Public static class EncrypterException extends RuntimeException Private static final String ENCRYPTIGION_LEADIN = "!!" All properties starting with !! will be decrypted. Private static final AlgorithmParameterSpec PARAM_SPEC = new PBEParameterSpec(SALT, ITERATION_COUNT) Private static final int ITERATION_COUNT = 19
Private static final String ALGORITHM = "PBEWithMD5AndDES" ** algorithm used for encrpytion and decryption */ Public class EncryptedPropertyPlacementConfigurer extends PropertyPlaceholderConfigurer Import .config.PropertyPlaceholderConfigurer On top it will also obfuscate the credentials in your SCM. However this solution is complient with most security bla-bla-bla.
Having passwords in configuration realy sucks and there is no silver bullet for it.
VIDEO GAME GUN JAM PASSWORD
Other than that, keep your password in your configuration file (which you can be fairly confident that the server won't show to the outside world), lock down your system and give the database user only the minimum permissions required. And if you are already paranoid (the good security kind, not the crazy kind) that someone has access to your server, you should consider that the DB password will reside in the system memory. What you are doing is obfuscating (and gaining a false sense of security) rather than actually securing it.Ī more secure solution is for a user to provide the password (or a password to decrypt the DB password) during your app's startup, but that will make administration really difficult. If an attacker goes to great lengths to gain access to your system you can be fairly confident that he will know that too. If you use some form of encryption to avoid storing a plaintext password your app will still have to decrypt it with another password which it will already have. If you use an app server's datasource then you just move the location of the plaintext password to a different file. This password would be used by my application to get connected to the database.įirst of all, you should be aware that no matter what you do, if an attacker gains access to your server files, he will be able to steal the password. PLEASE NOTE: As all user related passwords are already encrypted, I am only intended to hide the password of the DATABASE itself not table columns.
VIDEO GAME GUN JAM HOW TO
Is it a good idea to keep the username and password of database in a xml file and import it into security file of the spring security ? is there any better option? If I need to encrypt the password how to do it and how to find the encrypted version of password on phpMyAdmin? MySQL
0 kommentar(er)
