Reputation: 377
secure sftp password in java program
I am writing a Java Program and I have a pretty basic question.
I want to access and write files from/to a Server using SFTP for example with JSch http://www.jcraft.com/jsch/ or edtftpj http://enterprisedt.com/products/edtftpj/
My question is: With all these tools I have to save the password in the source code. If I want to give this program to anyone and they reverse engineer it they have access to the Server....not desired.
Any ideas how this can be handled?
Upvotes: 1
Views: 764
Answers (2)
Reputation: 858
Alternatively pass in the password as a parameter at runtime
as for configuring a file that can only be read by a certain user, it depends on the OS, but on most linux variants it would look like:
chmod 400 file
chown user file
Upvotes: 0
Reputation: 1176
Either read the password from a file in plain text (which should have its permissions limited so no one but the user can read it) or use a private key for authentication which would be functionally equivalent.
The most secure option would be to not save passwords at all and always ask for user input. With that choice you could optionally save the password in memory for later use but it would be cleared again when you close the program.
Upvotes: 1
Related Questions
- Java SFTP (apache vfs2) - password with @
- How to retrieve a file from a server via SFTP?
- How to secure an SFTP password in an APK file
- Secure FTP with org.apache.commons.net.ftp.FTPClient
- SFTP server multiple user authentication
- Java SFTP Client - Conceptional
- Convert from FTP to SFTP
- Secure FTP using private key authentication in java
- Secure FTP using private key authentication
- Java Secure FTP Applet