//Creating a variable for the connection called //"con"
Connection con = DriverManager.getConnection("jdbc:mysql://IP_ADDRESS:3306/DATABASE_NAME", "USERNAME", "PASSWORD");
...If I don't want at least the username and password to be shown in clear text... is there something I can do?
Have them in a file thats encrypted or... I don't know.. something?
Oh, also, how can I encrypt the password they enter before sending it to the database?
you can off course encrypt it, but it'll still need to be equal to the username and password of the database.
you can keep the username and password in a properties file, or in an xml file, but the most secure way, I guess, is to have the user enter it manually.
you can off course encrypt it, but it'll still need to be equal to the username and password of the database.
you can keep the username and password in a properties file, or in an xml file, but the most secure way, I guess, is to have the user enter it manually.
1. But /how/ do I encrypt it? In PHP there's a simple md5() function, isn't there some equivalent in Java?
2. How can I create a propterties file?
a properties file? it's basicly a plain text file with extension .properties.
how you encrypt it? well .. either you look for standard functions or libraries that do this for you, or you can write your own encrypting classes.
Encryption: there's no reason to go further than the API classes that are included with every Java installation.
http://download.oracle.com/javase/6/docs/technotes/guides/security/
Encryption: there's no reason to go further than the API classes that are included with every Java installation.
http://download.oracle.com/javase/6/docs/technotes/guides/security/
Could you give me a small example?
Just simply encrypting "password"
String pw = "password";
...
OK, I have a problem...
The code works fine in Eclipse, but when I try to compile it into a .jar, I get a bunch of errors.
Code:
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.util.Scanner;
import com.mysql.jdbc.PreparedStatement;
public class Main
{
private static Scanner scn = new Scanner(System.in);
public static void main(String[] argv) throws Exception
{
Class.forName("com.mysql.jdbc.Driver");
Main main = new Main();
int choice = 0;
System.out.println("\t\tWelcome !\n\n");
System.out.print(
"1. Get Data From the table \"testtable\"\n"+
"2. Insert data into the table \"testtable\"\n"+
"Your choice?: "
);
choice = scn.nextInt();
scn.nextLine();
switch( choice )
{
case 1:
main.getInfo();
break;
case 2:
main.insertInfo();
break;
default:
System.out.print("Was neither 1 or 2. Terminating program...");
}
}
private void getInfo() throws Exception
{
//Class.forName("com.mysql.jdbc.Driver");
Connection con = DriverManager.getConnection("jdbc:mysql://localhost:3306/testdb", "guest", "shahin33");
PreparedStatement statement = (PreparedStatement) con.prepareStatement("SELECT * FROM testtable");
ResultSet result = statement.executeQuery();
System.out.println();
System.out.println("USERNAME\tPASSWORD");
while( result.next() )
{
System.out.println(result.getString(1) + "\t\t" + result.getString(2));
}
result.close();
con.close();
}
private void insertInfo() throws Exception
{
System.out.print("\nUsername: ");
String username = scn.nextLine();
System.out.print("Password: ");
String password = scn.nextLine().toLowerCase();
Connection con = DriverManager.getConnection("jdbc:mysql://localhost:3306/testdb", "guest", "shahin33");
PreparedStatement statement = (PreparedStatement) con.prepareStatement("INSERT INTO testtable VALUES(?,?)");
statement.setString(1, username);
statement.setString(2, password);
statement.executeUpdate();
System.out.println("\nUser information has been inserted to the database.\nRun the program again and chose 1 to see result.");
statement.close();
con.close();
}
}The .bat file I use to compile into a .jar:
@echo off
set /p fileName="Name for the file? Exclude .jar: "
copy *.java "Source Code"
javac *.java
jar -cvfm %fileName%.jar manifest.txt *.class "Source Code"
del *.class /f /q
del "Source Code" /f /qMy error message:
C:\Users\shahin\Desktop\JavaComp>Compile_N_Whatnot.bat
Name for the file? Exclude .jar: comonXXXXXX
Main.java
1 fil(er) kopierad(e).
Main.java:5: error: package com.mysql.jdbc does not exist
import com.mysql.jdbc.PreparedStatement;
^
Main.java:51: error: cannot find symbol
PreparedStatement statement = (PreparedStatement) con.prepa
tement("SELECT * FROM testtable");
^
symbol: class PreparedStatement
location: class Main
Main.java:51: error: cannot find symbol
PreparedStatement statement = (PreparedStatement) con.prepa
tement("SELECT * FROM testtable");
^
symbol: class PreparedStatement
location: class Main
Main.java:75: error: cannot find symbol
PreparedStatement statement = (PreparedStatement) con.prepa
tement("INSERT INTO testtable VALUES(?,?)");
^
symbol: class PreparedStatement
location: class Main
Main.java:75: error: cannot find symbol
PreparedStatement statement = (PreparedStatement) con.prepa
tement("INSERT INTO testtable VALUES(?,?)");Had to add the mysql-connector .jar file to my classpath
But /how/ do I encrypt it? In PHP there's a simple md5() function, isn't there some equivalent in Java?
MD5 is not encryption but just a one-way/irreversible hashing algorithm. You have two different issues here: storing password in secure format and sending across password over the network in a secure manner.
For the first one, look into the sample code for encrypting/decrypting the file.
As for the second one, look into this article for the relevant switches of the JDBC URL for MySQL. AFAICT, the approach in the article doesn't use certificates which makes things even messier. Searching around for "MYSQL jdbc ssl" should bring up some links on the MySQL documentation on the steps to set up JDBC over SSL with a certificate.
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.