Update password configs to store encrypted passwords (instead of plain-texts) for Ignite DB
One type I know is AES,Is there any different techniques for encryption with pros and cons will be helpful.
Asked
Active
Viewed 137 times
0
-
Related: [How to encrypt database connection credentials on a web server?](https://security.stackexchange.com/questions/22817/how-to-encrypt-database-connection-credentials-on-a-web-server) – andrewJames Mar 22 '21 at 01:30
-
These is not completely related to the work I'm doing now. Could you able to help more? – Epp Mar 22 '21 at 15:08
-
Perhaps if you [edit] your question, you can provide more details and describe the specific problem you are facing. (If you ask for more general options and opinions, with pros and cons, there is a chance that your question will be closed for being off-topic.) – andrewJames Mar 22 '21 at 17:06
-
1Having said that, the most general advice I can give you is to focus on protecting your server, where the password config file is stored, rather than on storing the password as encrypted text (you will still need to decrypt that string anyway - and if someone can access the server where that happens, there is not much extra value in having it encrypted in the first place). – andrewJames Mar 22 '21 at 17:06
1 Answers
0
The easiest(and very common) way is to use Jasypt Password-Based Encryption. e.g.
String pass = System.getProperty("MySystemPropertyWithPass");
String encryptedValue = "...";
StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor();
encryptor.setPassword(pass);
String decryptValue = encryptor.decrypt(encryptedValue);
Gmugra
- 468
- 7
- 10