FaqSecuringDBConnectionPasswords

How do I secure my database password?

NetBeans 6.9 or newer

There is a new Keyring API for storing passwords securely. Read more in blog http://blogs.sun.com/geertjan/entry/netbeans_keyring_api



Older releases

In NetBeans 6, you are given the option to save the password for a connection when you create a new connection or any time you open a connection. This is convenient because you don't have to type in the password each time, and you don't even have to press the OK button in the Connect dialog - you can very quickly re-open the connection.

However, saving the password in your file system is a potential security risk.

The password is stored in a per-connection XML file that contains all the information for that connection. These XML files are stored in your userdir under config/Databases/Connections. Each XML file has a name that matches the connection URL, e.g

jdbc_derby__localhost_1527_sampl.xml

The password is scrambled to avoid accidental revelation, but the scrambling algorithm is not secure and the password can easily be unscrambled by anyone who is motivated to do so.

To protect your password, you need to make this file readable/writeable only to those who need access to it. Use the tools for your operating to set the permissions.


Applies to: NetBeans 6.0

Platforms: All


Back to NetBeans IDE Database Connectivity FAQs

Back to NetBeans User FAQs

Not logged in. Log in, Register

By use of this website, you agree to the NetBeans Policies and Terms of Use. © 2012, Oracle Corporation and/or its affiliates. Sponsored by Oracle logo