security - What is the best practices in Java for secure storage of data? -
i have java application , need save passwords encrypted file. got advice utilize windows api. found jdpapi jni wrapper around ms dpapi. seems good. want know libraries or methods exist utilize windows api secure storage of info file? or methods exist secure storage in java without using windows api? never utilize secure storage. can talk me best practices in java secure storage of info , without windows api?
first: using windows api kind of senseless. when can't imagine that, might possible have migrate.
second: storing password encrypted makes sense when come in encryption key during applications runtime. if store in configuration file, not create sense.
the encryption key stored thread local variable after entered.
i suggest using property files , encrypt , decrypt values in service layer using bouncy castle. way can mix encrypted , unencrypted values in same file.
you of course of study utilize spring , necessary stuff quite using spring security crypto.
in case talking of web app using hibernate, i'd suggest using properties stored in database , utilize jasypt transparent encryption.
java security winapi
No comments:
Post a Comment