-----------------------------
Please read the FAQ!
<http://java.apache.org/faq/>
-----------------------------
I store it as an encrypted String in a .properties file and retrieve it via
Properties.getProperty().
I believe it's best not to store it as clear text anywhere on the server in case
anyone manages to get remote access to the server.
Frank Morton wrote:
> -----------------------------
> Please read the FAQ!
> <http://java.apache.org/faq/>
> -----------------------------
>
> > I am using servlets / JDBC. It has been suggested that the best thing to
> do
> > with the DB password is to stick it into an "Environment variable" on the
> > web server and get it via a "getProperty()" call from within the servlet.
> > (This is opposed to having it "hard coded" into a class file which is what
> > I currently do).
> >
> > Does anybody have any comments on the relative security of both methods?
> Or
> > is there a better way which I have not heard about?
>
> My only comment is that this is how I am doing it all the time and I
> am uncomfortable with it. I'd like also to hear of alternatives other
> have come up with.
>
> --
> --------------------------------------------------------------
> Please read the FAQ! <http://java.apache.org/faq/>
> To subscribe: [EMAIL PROTECTED]
> To unsubscribe: [EMAIL PROTECTED]
> Archives and Other: <http://java.apache.org/main/mail.html>
> Problems?: [EMAIL PROTECTED]
--
--------------------------------------------------------------
Please read the FAQ! <http://java.apache.org/faq/>
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Archives and Other: <http://java.apache.org/main/mail.html>
Problems?: [EMAIL PROTECTED]
