Hello I am a developer for a large Java system that includes a small application connecting to an encrypted H2 database with java.sql.DriverManager.getConnection(String url, Properties info). I would like to hardcode the database password in the application code ... perhaps some compiled C code wrapped by Java ... and then securely pass this to the DriverManager class to open my database. The system is installed on user's machines (not server based) and users are authenticated (by some sophisticated Windows Kerberos mechanism that I do not understand and cannot modify).
My concern is that users could (decompile and) substitute, say, the org.h2.Driver.class#getConnection(...) method in the H2 library and capture the password if in plain text (or hashed). My understanding of security is poor so I would be grateful if anyone has some strategies/pointers as to how to avoid this risk? (I have read the online help but could not see an obvious solution or am not understanding.) -- You received this message because you are subscribed to the Google Groups "H2 Database" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/h2-database. For more options, visit https://groups.google.com/d/optout.
