I'm building some dynamic website that will query the MySQL database from Apache Tomcat interface. Although the database stores all the user information with encrypted password, it seems I still need to explicitly write the password (root or admin account) in the java code to authenticate the users. I feel this is not very safe. What's the correct way to do that?
Thank you!
Since you are working with an application server/servlet container like Tomcat, you can leverage the databsae connection details to the server and just fetch a connection from your application.
In Tomcat, you can configure JDBC connections in the context.xml file in which you set the connection's driver, URL, user and password. You also configure a reference name for this connection. Ej:
<Resource name="jdbc/TestDB" auth="Container" type="javax.sql.DataSource"
maxActive="100" maxIdle="30" maxWait="10000"
username="javauser" password="javadude" driverClassName="com.mysql.jdbc.Driver"
url="jdbc:mysql://localhost:3306/javatest"/>
Later, you add a reference to this server resource in your application's web.xml config file:
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
version="2.4">
<description>MySQL Test App</description>
<resource-ref>
<description>DB Connection</description>
<res-ref-name>jdbc/TestDB</res-ref-name>
<res-type>javax.sql.DataSource</res-type>
<res-auth>Container</res-auth>
</resource-ref>
</web-app>
Finally, you can now instantiate Connection objects refering to the resource's name as a JNDI context:
Context initContext = new InitialContext();
Context envContext = (Context)initContext.lookup("java:/comp/env");
DataSource ds = (DataSource)envContext.lookup("jdbc/myoracle");
Connection conn = ds.getConnection();
Code taken from this Apache Tomcat Howto.
You will have to have the password available somewhere in order to connect to the database and this is the case for almost any application. This is the reason you use other layers of security to prevent people from being able to use that password should they discover it somehow.
Usually a database server is secured to only allow connections from the local machine it resides on or perhaps a limited whitelist of other machines. If you are not using the same password for anything else then anyone who steals it won't have any more power to access your database than before as they would need to be on the server to use the password.
If someone has managed to get on your server and can edit files then the password is already irrelevant and with sufficient privileges they won't need it anyway.
As AmazingDreams says, you tend to read it from a config file which provides a single location that can be referenced when bootstrapping your application and setting up the database connection.
As other have said, it will have to be stored somewhere, and usually the best place for this is a configuration file. It is also possible to setup passwordless MySQL accounts (obviously this is not a good idea on a shared server, or if you allow remote access to mysql, or have tools like phpmyadmin publicly accessible).
You should also lock-down the privileges of the user account you are using for your website and use a different user for administration tasks. E.g. if your website only needs to read data from a few tables, grant only SELECT access to those tables. Generally a website user wont need access to DROP or EMPTY tables, or INSERT into event-log type tables.
When I have to share code I'am also concerned about this. In php i use a simple approach that is encode de password with any simple function (like base64), and in the code instead of the actual password, i write the encoded one and call the decoding function somewhere. The security is not high if somebody is actually trying to find out, but is good enough to avoid every casual observer to see your password. This is in php.
In Java you can do a further approach.
In your code your only write the encoded password, and make a call to the decoding function, something like this:
public static final String PASSWD = DecodingHelper.decode ("THE_ENCODED_STRING");
