FaqSecuringDBConnectionPasswords
How do I secure my database password?
NetBeans 6.9 or newer
There is a new Keyring API for storing passwords securely. Read more in blog http://blogs.sun.com/geertjan/entry/netbeans_keyring_api
Older releases
In NetBeans 6, you are given the option to save the password for a connection when you create a new connection or any time you open a connection. This is convenient because you don't have to type in the password each time, and you don't even have to press the OK button in the Connect dialog - you can very quickly re-open the connection.
However, saving the password in your file system is a potential security risk.
The password is stored in a per-connection XML file that contains all the information for that connection. These XML files are stored in your userdir under config/Databases/Connections. Each XML file has a name that matches the connection URL, e.g
jdbc_derby__localhost_1527_sampl.xml
The password is scrambled to avoid accidental revelation, but the scrambling algorithm is not secure and the password can easily be unscrambled by anyone who is motivated to do so.
To protect your password, you need to make this file readable/writeable only to those who need access to it. Use the tools for your operating to set the permissions.
Applies to: NetBeans 6.0
Platforms: All
Back to NetBeans IDE Database Connectivity FAQs
Back to NetBeans User FAQs
