Open TioCoding opened 5 years ago
If you embed the password with the application I'm not sure it has the desired security effect you're after. Maybe you could ask the user for the password on first run and store it encrypted or at least as safe as possible after that? I don't see any solution where embedding the password within the application gives any real security.
This is mainly to encrypt the IP within the application and can prevent users from hitting the server with many requests using 'Apache JMeter' or some other program.
Also to encrypt the POST, GET, PUT, DELETE requests and prevent them from intercepting them while sending this information.
Do you know any solution to these two operations? Thank you.
For the first problem use rate limiting and prevent connection if requesting IP made too many requests within a set interval.
The second problem can be fixed by using https; don't reinvent the wheel.
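The rate limiting suggested in the reply above, as an added example that is not part of the original thread: a fixed-window counter per client IP, meant to run on the server side. The class name `IpRateLimiter`, the limit of 3 requests per second, the injected clock and the sample address are assumptions for illustration.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.LongSupplier;

/** Fixed-window limiter: at most maxRequests per client IP in each windowMillis interval. */
public class IpRateLimiter {
    private static final class Window {
        final long start;
        final int count;
        Window(long start, int count) { this.start = start; this.count = count; }
    }

    private final int maxRequests;
    private final long windowMillis;
    private final LongSupplier clock; // injected so the demo below is deterministic
    private final Map<String, Window> windows = new ConcurrentHashMap<>();

    public IpRateLimiter(int maxRequests, long windowMillis, LongSupplier clock) {
        this.maxRequests = maxRequests;
        this.windowMillis = windowMillis;
        this.clock = clock;
    }

    /** Returns true if the request may proceed, false if it should be rejected (e.g. HTTP 429). */
    public boolean tryAcquire(String clientIp) {
        long now = clock.getAsLong();
        // compute() is atomic per key, so concurrent requests from one IP are counted correctly.
        Window w = windows.compute(clientIp, (ip, old) ->
            (old == null || now - old.start >= windowMillis)
                ? new Window(now, 1)                       // new interval: reset the counter
                : new Window(old.start,                    // same interval: count, without overflow
                             old.count <= maxRequests ? old.count + 1 : old.count));
        return w.count <= maxRequests;
    }

    /** Drops expired windows so the map cannot grow without bound; call periodically. */
    public void evictExpired() {
        long now = clock.getAsLong();
        windows.values().removeIf(w -> now - w.start >= windowMillis);
    }

    public static void main(String[] args) {
        long[] fakeNow = {0};
        IpRateLimiter limiter = new IpRateLimiter(3, 1000, () -> fakeNow[0]);
        String ip = "203.0.113.7"; // constructed sample address (documentation range)
        for (int i = 1; i <= 5; i++)
            System.out.println("request " + i + " allowed=" + limiter.tryAcquire(ip));
        fakeNow[0] = 1000; // the next interval begins, so the counter resets
        System.out.println("next interval allowed=" + limiter.tryAcquire(ip));
    }
}
```

When the server sits behind a reverse proxy, take the client IP from the proxy's forwarded header only if that proxy is the sole path to the server; otherwise use the socket's remote address.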
Thanks for the recommendations @mordechaim, but I have one last doubt. In my application I use a file database (H2) where I enter a username and password for a configuration file:
spring.datasource.username=username
spring.datasource.password=secret
I used Jasypt to encrypt the password, but this forces me to pass a password like my initial question. How could I solve this?
Thank you and regards.
If you include the username/password that sounds like the same as not having a username/password at all. You could either remove, hard code, or simply include a property file with the credentials, since this doesn't really offer any real security either.
Hello, I am using 'jasypt-spring-boot' for the encryption of some passwords within my application, but I need to pass a general password so that I can decrypt the strings.
I tried passing it through applicationParameters in the build.gradle in this way: applicationParameters '--user.password=$password.secret'
The value of 'password.secret' I enter when packaging the application
But I have a problem with this, is that in the 'app.xml' file you see the password and that gives me insecurity:
Is there any way to pass the password and that no user can see it?
I'm using fxlauncher-gradle-plugin
Thanks and regards.