CODEWITHSUNDEEP
javajspsecuritydatabase-connectionweb-hosting
user3868051
user3868051

Reputation: 1249

Providing security to jsp page which is to be uploaded on a web host

I am very new to all this. I have created a web application which consists of all jsp pages(Note : the html content is embedded in those jsp pages itself along with the main logic) some snippets of my code are as below : 

<%
final String host = "jdbc:mysql://mySQLPath/ShopSystem";
final String uName = "myUsername";
final String uPass = "myPassword";
Connection con = DriverManager.getConnection( host, uName, uPass );
%>

A lot of my files have the above lines of code. Now I wish to upload these files on a web host as an attempt to publish my website. But what I am worried is that in doing so I will be uploading my username and password as well on the third party site.

Is there any other better way to do this? I don't want any third person from being able to view my url, username and password.

Upvotes: 3

Views: 112

Answers (2)

Santhosh
Santhosh

Reputation: 8187

Adding to the @Jigar Joshi answer , it is good practice to write the database details in separate config file .

It is also useful in the case when you consider to change. as you said you many files holding this values you change them in one common place and load them to apply in all files.

Create a config.properties file in your class path of your application.

In your jsp read from the property file , so your code wont show them 

        Properties props = new Properties();    
        FileInputStream fis = null;
        Connection con = null;  
        fis = new FileInputStream("File.properties");
        props.load(fis);

        // load the Driver Class
        Class.forName(props.getProperty("DB_DRIVER_CLASS"));

        // create the connection now
        con = DriverManager.getConnection(props.getProperty("DB_URL"),
                props.getProperty("DB_USERNAME"),
                props.getProperty("DB_PASSWORD"));

in your jsp will do the job for you . but you to learn about optimizing the database through Datasource and also learn about connection pooling to avoid leaked connections.

Hope this helps !!

Upvotes: 1

Jigar Joshi
Jigar Joshi

Reputation: 240860

externalize secure information from source and put it in configuration and let your app read from pre-specified location for config

Upvotes: 0

Related Questions