0

I'm working on a desktop app that talks with a database. I also want to implement user authentication. I can set all this up easily, but isn't it not secure just to have all that info in the source code? I know it's not a web app but still, just want to make sure I'm doing it right. For example, you could connect like this:

Connection conn = DriverManager.getConnection("host","user", "password");

Would this be bad to have in your source code?

Improve this question
3
  • You need to give a more specific description of what you intend to do, otherwise nobody can answer this. One thing: if you connect to a database from a desktop application, you can expect that database to handle the authentication. You just need to ask the user for username/password and use those when you connect to the database. Commented Nov 8, 2015 at 6:20
  • @ErwinBolwidt I edited the question, is it a bad practice to have things like password or connection strings hard coded? Commented Nov 8, 2015 at 6:32
  • Cmon man, we get this question daily. Use search Commented Nov 8, 2015 at 19:00

1 Answer 1

Reset to default
1

What I have used in my applications is a salted password. Passing a salted password is a lot more secure! Since there is no need to re-invent the wheel, Here is some source code to salt passwords that you can integrate into your program.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Thank you so much @Frank! I will def give this a shot!

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.