Secure JDBC authentication without providing plaintext passwords

Discussion in 'Mac Programming' started by foidulus, Feb 24, 2008.

  1. foidulus macrumors 6502a

    Jan 15, 2007
    At work I have been tasked with finding a system to replace the old plaintext username/password system that we have been using for our apps to connect to JDBC. We have about 100 workstations bound to our Open Directory Server and are not connected to the internet. We used to just throw the username and password in a plain text file, but are looking for a more secure way to do this. Is there any way to authenticate the user without forcing them to enter yet another password?

    All the workstations are Tiger 10.4.10 and the DB server is running postgres on RHEL 4.

  2. Cromulent macrumors 603


    Oct 2, 2006
    The Land of Hope and Glory
    Couldn't you just use SSL or something similar?
  3. robbieduncan Moderator emeritus


    Jul 24, 2002
    I think the issue is not the over-the-wire transfer of the passwords: JDBC can already encrypt that. The issue is that there is a "functional" account, i.e. a shared account everyone uses. At the moment they simply include a plain text file with the username/password in it. The problem with this is that the user group can discover the username/password and log directly into the database, bypassing the app.

    I'd suggest accessing the Keychain from Java. A quick Google search indicates it should be possible.
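
One way to read a database password from the Keychain in Java, as an added example that is not part of the original thread. It assumes a current macOS `security` command-line tool (the `-w` flag may not exist on older releases such as Tiger), the PostgreSQL JDBC driver on the classpath, and hypothetical service, account and host names.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.sql.Connection;
import java.sql.DriverManager;
import java.util.Arrays;
import java.util.Properties;

public class KeychainJdbc {
    // Hypothetical names for illustration; none of these come from the thread.
    static final String SERVICE = "example-app-db";
    static final String ACCOUNT = "app_user";
    static final String JDBC_URL = "jdbc:postgresql://db.example.internal/appdb?ssl=true";

    // Asks /usr/bin/security for a generic-password item; -w prints only the secret.
    static char[] readKeychainPassword(String service, String account)
            throws IOException, InterruptedException {
        ProcessBuilder pb = new ProcessBuilder("/usr/bin/security",
                "find-generic-password", "-s", service, "-a", account, "-w");
        pb.redirectError(ProcessBuilder.Redirect.INHERIT); // keep stderr from blocking
        Process p = pb.start();
        String secret;
        try (BufferedReader r = new BufferedReader(
                new InputStreamReader(p.getInputStream(), StandardCharsets.UTF_8))) {
            secret = r.readLine();
        }
        if (p.waitFor() != 0 || secret == null) {
            throw new IOException("keychain item not found or access denied");
        }
        return secret.toCharArray();
    }

    public static void main(String[] args) throws Exception {
        char[] pw = readKeychainPassword(SERVICE, ACCOUNT);
        Properties props = new Properties();
        props.setProperty("user", ACCOUNT);
        props.setProperty("password", new String(pw)); // JDBC needs a String here
        Arrays.fill(pw, '\0'); // wipes the char[] copy only; the String lives until GC
        try (Connection c = DriverManager.getConnection(JDBC_URL, props)) {
            System.out.println("connected: " + !c.isClosed());
        }
    }
}
```

This keeps the password out of a plain text file on disk, but an item in a user's login keychain can still be read by that logged-in user.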
