Java Tokenization with Gradle












0














For my current project, I'm working on connecting to a MySQL database using Java.



I have a bit of code, in which I'm using Gradle to substitute sensitive database credentials into the .java file using ReplaceTokens to populate a new version of the file in the build directory and source that version (with the replaced "detokenized" values) to compile the .class file.



I do not anticipate anyone aside from the core dev team handling the source .java files, only the .war which contains the compiled .class files. However, from a peek at these .class files using vim, I can tell that the detokenized values are plainly visible in the compiled bytecode.



My question is, assuming a scenario in which my .class files could be retrieved from the server by a potentially malicious agent, is there any better method of tokenization that would give another layer of security to the database credentials?



For additional information, the MySQL DB is accessed through a socket only, so I do not expect a malicious agent could do anything with the DB credentials alone, but I would like to make it as difficult as possible to determine these credentials anyway.



Thank you for any advice! I'm still very new to Java and Gradle in general, but this project has already given me much insight into what can be done.






java security gradle







share|improve this question


















  • 2




    Pass the values as encrypted strings and then decrypt in your runtime
    – Scary Wombat
    Nov 12 at 2:00










  • @ScaryWombat Thank you for the suggestion! Do you have an example, link or otherwise, of what this encrypt/decrypt implementation would look like?
    – 3d12
    Nov 12 at 18:49
















0














For my current project, I'm working on connecting to a MySQL database using Java.



I have a bit of code, in which I'm using Gradle to substitute sensitive database credentials into the .java file using ReplaceTokens to populate a new version of the file in the build directory and source that version (with the replaced "detokenized" values) to compile the .class file.



I do not anticipate anyone aside from the core dev team handling the source .java files, only the .war which contains the compiled .class files. However, from a peek at these .class files using vim, I can tell that the detokenized values are plainly visible in the compiled bytecode.



My question is, assuming a scenario in which my .class files could be retrieved from the server by a potentially malicious agent, is there any better method of tokenization that would give another layer of security to the database credentials?



For additional information, the MySQL DB is accessed through a socket only, so I do not expect a malicious agent could do anything with the DB credentials alone, but I would like to make it as difficult as possible to determine these credentials anyway.



Thank you for any advice! I'm still very new to Java and Gradle in general, but this project has already given me much insight into what can be done.






java security gradle







share|improve this question


















  • 2




    Pass the values as encrypted strings and then decrypt in your runtime
    – Scary Wombat
    Nov 12 at 2:00










  • @ScaryWombat Thank you for the suggestion! Do you have an example, link or otherwise, of what this encrypt/decrypt implementation would look like?
    – 3d12
    Nov 12 at 18:49














0












0








0







For my current project, I'm working on connecting to a MySQL database using Java.



I have a bit of code, in which I'm using Gradle to substitute sensitive database credentials into the .java file using ReplaceTokens to populate a new version of the file in the build directory and source that version (with the replaced "detokenized" values) to compile the .class file.



I do not anticipate anyone aside from the core dev team handling the source .java files, only the .war which contains the compiled .class files. However, from a peek at these .class files using vim, I can tell that the detokenized values are plainly visible in the compiled bytecode.



My question is, assuming a scenario in which my .class files could be retrieved from the server by a potentially malicious agent, is there any better method of tokenization that would give another layer of security to the database credentials?



For additional information, the MySQL DB is accessed through a socket only, so I do not expect a malicious agent could do anything with the DB credentials alone, but I would like to make it as difficult as possible to determine these credentials anyway.



Thank you for any advice! I'm still very new to Java and Gradle in general, but this project has already given me much insight into what can be done.






java security gradle







share|improve this question













For my current project, I'm working on connecting to a MySQL database using Java.



I have a bit of code, in which I'm using Gradle to substitute sensitive database credentials into the .java file using ReplaceTokens to populate a new version of the file in the build directory and source that version (with the replaced "detokenized" values) to compile the .class file.



I do not anticipate anyone aside from the core dev team handling the source .java files, only the .war which contains the compiled .class files. However, from a peek at these .class files using vim, I can tell that the detokenized values are plainly visible in the compiled bytecode.



My question is, assuming a scenario in which my .class files could be retrieved from the server by a potentially malicious agent, is there any better method of tokenization that would give another layer of security to the database credentials?



For additional information, the MySQL DB is accessed through a socket only, so I do not expect a malicious agent could do anything with the DB credentials alone, but I would like to make it as difficult as possible to determine these credentials anyway.



Thank you for any advice! I'm still very new to Java and Gradle in general, but this project has already given me much insight into what can be done.






java security gradle




java security gradle






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Nov 12 at 1:59









3d12

234




234








  • 2




    Pass the values as encrypted strings and then decrypt in your runtime
    – Scary Wombat
    Nov 12 at 2:00










  • @ScaryWombat Thank you for the suggestion! Do you have an example, link or otherwise, of what this encrypt/decrypt implementation would look like?
    – 3d12
    Nov 12 at 18:49














  • 2




    Pass the values as encrypted strings and then decrypt in your runtime
    – Scary Wombat
    Nov 12 at 2:00










  • @ScaryWombat Thank you for the suggestion! Do you have an example, link or otherwise, of what this encrypt/decrypt implementation would look like?
    – 3d12
    Nov 12 at 18:49








2




2




Pass the values as encrypted strings and then decrypt in your runtime
– Scary Wombat
Nov 12 at 2:00




Pass the values as encrypted strings and then decrypt in your runtime
– Scary Wombat
Nov 12 at 2:00












@ScaryWombat Thank you for the suggestion! Do you have an example, link or otherwise, of what this encrypt/decrypt implementation would look like?
– 3d12
Nov 12 at 18:49




@ScaryWombat Thank you for the suggestion! Do you have an example, link or otherwise, of what this encrypt/decrypt implementation would look like?
– 3d12
Nov 12 at 18:49












1 Answer
1






active

oldest

votes


















1














Here is some simple code that does base64 encoding / decoding



I am using Blowfish for the algo



import javax.crypto.Cipher;

import javax.crypto.spec.SecretKeySpec;

import org.apache.commons.codec.binary.Base64;



public static String encrypt(String text) throws Exception

{

    SecretKeySpec sksSpec = new SecretKeySpec(key.getBytes(), algo );

    Cipher cipher = Cipher.getInstance(algo);

    cipher.init(javax.crypto.Cipher.ENCRYPT_MODE, sksSpec);



    byte encrypt_bytes = cipher.doFinal(text.getBytes());

    return new String( Base64.encodeBase64(encrypt_bytes) );

}



public static String decrypt(String encrypt_str) throws Exception

{

    SecretKeySpec sksSpec = new SecretKeySpec(key.getBytes(), algo);

    Cipher cipher = Cipher.getInstance(algo);

    cipher.init(Cipher.DECRYPT_MODE, sksSpec);



    return new String(cipher.doFinal( Base64.decodeBase64(encrypt_str.getBytes("UTF-8"))));

}





share|improve this answer





















  • Thank you for sharing this implementation example! I will study it and see if I can adapt something similar to my needs.
    – 3d12
    Nov 14 at 1:35











Your Answer






StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53255120%2fjava-tokenization-with-gradle%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









1














Here is some simple code that does base64 encoding / decoding



I am using Blowfish for the algo



import javax.crypto.Cipher;

import javax.crypto.spec.SecretKeySpec;

import org.apache.commons.codec.binary.Base64;



public static String encrypt(String text) throws Exception

{

    SecretKeySpec sksSpec = new SecretKeySpec(key.getBytes(), algo );

    Cipher cipher = Cipher.getInstance(algo);

    cipher.init(javax.crypto.Cipher.ENCRYPT_MODE, sksSpec);



    byte encrypt_bytes = cipher.doFinal(text.getBytes());

    return new String( Base64.encodeBase64(encrypt_bytes) );

}



public static String decrypt(String encrypt_str) throws Exception

{

    SecretKeySpec sksSpec = new SecretKeySpec(key.getBytes(), algo);

    Cipher cipher = Cipher.getInstance(algo);

    cipher.init(Cipher.DECRYPT_MODE, sksSpec);



    return new String(cipher.doFinal( Base64.decodeBase64(encrypt_str.getBytes("UTF-8"))));

}





share|improve this answer





















  • Thank you for sharing this implementation example! I will study it and see if I can adapt something similar to my needs.
    – 3d12
    Nov 14 at 1:35
















1














Here is some simple code that does base64 encoding / decoding



I am using Blowfish for the algo



import javax.crypto.Cipher;

import javax.crypto.spec.SecretKeySpec;

import org.apache.commons.codec.binary.Base64;



public static String encrypt(String text) throws Exception

{

    SecretKeySpec sksSpec = new SecretKeySpec(key.getBytes(), algo );

    Cipher cipher = Cipher.getInstance(algo);

    cipher.init(javax.crypto.Cipher.ENCRYPT_MODE, sksSpec);



    byte encrypt_bytes = cipher.doFinal(text.getBytes());

    return new String( Base64.encodeBase64(encrypt_bytes) );

}



public static String decrypt(String encrypt_str) throws Exception

{

    SecretKeySpec sksSpec = new SecretKeySpec(key.getBytes(), algo);

    Cipher cipher = Cipher.getInstance(algo);

    cipher.init(Cipher.DECRYPT_MODE, sksSpec);



    return new String(cipher.doFinal( Base64.decodeBase64(encrypt_str.getBytes("UTF-8"))));

}





share|improve this answer





















  • Thank you for sharing this implementation example! I will study it and see if I can adapt something similar to my needs.
    – 3d12
    Nov 14 at 1:35














1












1








1






Here is some simple code that does base64 encoding / decoding



I am using Blowfish for the algo



import javax.crypto.Cipher;

import javax.crypto.spec.SecretKeySpec;

import org.apache.commons.codec.binary.Base64;



public static String encrypt(String text) throws Exception

{

    SecretKeySpec sksSpec = new SecretKeySpec(key.getBytes(), algo );

    Cipher cipher = Cipher.getInstance(algo);

    cipher.init(javax.crypto.Cipher.ENCRYPT_MODE, sksSpec);



    byte encrypt_bytes = cipher.doFinal(text.getBytes());

    return new String( Base64.encodeBase64(encrypt_bytes) );

}



public static String decrypt(String encrypt_str) throws Exception

{

    SecretKeySpec sksSpec = new SecretKeySpec(key.getBytes(), algo);

    Cipher cipher = Cipher.getInstance(algo);

    cipher.init(Cipher.DECRYPT_MODE, sksSpec);



    return new String(cipher.doFinal( Base64.decodeBase64(encrypt_str.getBytes("UTF-8"))));

}





share|improve this answer












Here is some simple code that does base64 encoding / decoding



I am using Blowfish for the algo



import javax.crypto.Cipher;

import javax.crypto.spec.SecretKeySpec;

import org.apache.commons.codec.binary.Base64;



public static String encrypt(String text) throws Exception

{

    SecretKeySpec sksSpec = new SecretKeySpec(key.getBytes(), algo );

    Cipher cipher = Cipher.getInstance(algo);

    cipher.init(javax.crypto.Cipher.ENCRYPT_MODE, sksSpec);



    byte encrypt_bytes = cipher.doFinal(text.getBytes());

    return new String( Base64.encodeBase64(encrypt_bytes) );

}



public static String decrypt(String encrypt_str) throws Exception

{

    SecretKeySpec sksSpec = new SecretKeySpec(key.getBytes(), algo);

    Cipher cipher = Cipher.getInstance(algo);

    cipher.init(Cipher.DECRYPT_MODE, sksSpec);



    return new String(cipher.doFinal( Base64.decodeBase64(encrypt_str.getBytes("UTF-8"))));

}






share|improve this answer












share|improve this answer



share|improve this answer










answered Nov 13 at 0:51









Scary Wombat

34.9k32252




34.9k32252












  • Thank you for sharing this implementation example! I will study it and see if I can adapt something similar to my needs.
    – 3d12
    Nov 14 at 1:35


















  • Thank you for sharing this implementation example! I will study it and see if I can adapt something similar to my needs.
    – 3d12
    Nov 14 at 1:35
















Thank you for sharing this implementation example! I will study it and see if I can adapt something similar to my needs.
– 3d12
Nov 14 at 1:35




Thank you for sharing this implementation example! I will study it and see if I can adapt something similar to my needs.
– 3d12
Nov 14 at 1:35


















draft saved

draft discarded




















































Thanks for contributing an answer to Stack Overflow!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.





Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


Please pay close attention to the following guidance:


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53255120%2fjava-tokenization-with-gradle%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







-

這個網誌中的熱門文章

Tangent Lines Diagram Along Smooth Curve

圖片
7 1 I am trying to replicate a diagram and have a minimal example. I don't know how to add additional tangents between the specified points and preserve smoothness. documentclass{article} usepackage{tikz} usetikzlibrary{calc,intersections} begin{document} begin{tikzpicture} % Axes draw [->, name path=x] (-1,0) -- (11,0) node [right] {$x$}; draw [->] (0,-1) -- (0,6) node [above] {$y$}; % Origin node at (0,0) [below left] {$0$}; % Points coordinate (start) at (1,-0.8); coordinate (c1) at (3,3); coordinate (c2) at (5.5,1.5); coordinate (c3) at (8,4); coordinate (end) at (10.5,-0.8); % show the points foreach n in {start,c1,c2,c3,end} fill [black] (n) circle (2pt) node [below] {}; % join the coordinates draw [thick,name path=curve] (start) to[out=70,in=180] (c1) to[out=0,in=180]
閱讀完整內容

Yusuf al-Mu'taman ibn Hud

圖片
Main article: Taifa of Zaragoza Al-Mu'taman Ruler of Zaragoza Reign 1081–1085 Predecessor Ahmad al-Muqtadir Successor Al-Mustain II Born Zaragoza Died 1085 Full name Yusuf ibn Ahmad al-Mu'taman ibn Hūd House Banu Hud Yusuf ibn Ahmad al-Mu'taman ibn Hūd (Arabic: المؤتمن بالله يوسف إبن أحمد إبن هود ‎, al-Mutaman bi l-Lah , died c. 1085) was the third king of the Banu Hud dynasty who ruled over the Taifa of Zaragoza from 1081 to 1085. Yusuf al-Mutaman reigned during the height of power of Muslim Zaragoza , following the thriving period of his father Ahmad al-Muqtadir. He continued his father's efforts and created around him a court of intellectuals, living in the beautiful palace of Aljafería, nicknamed as "the palace of joy". Al-Mu'taman was also a scholarly king and a patron of science, philosophy and arts. As an example of a wise king, he knew astrology, philosophy, and especially mathematics, a discipline in which
閱讀完整內容

Zucchini

圖片
This article is about the vegetable. For other uses, see Zucchini (disambiguation). Zucchini (courgette) A striped and a uniform color zucchini Genus Cucurbita Species Cucurbita pepo Origin 19th century northern Italy The zucchini ( / z uː ˈ k iː n i / , American English) or courgette ( / k ʊər ˈ ʒ ɛ t / , British English) is a summer squash which can reach nearly 1 metre (100 cm; 39 in) in length, but is usually harvested when still immature at about 15 to 25 cm (6 to 10 in). [1] A zucchini is a thin-skinned cultivar of what in Britain and Ireland is referred to as a marrow. [2] [3] In South Africa, a zucchini is known as a baby marrow. Along with certain other squashes and pumpkins, the zucchini belongs to the species Cucurbita pepo . It can be dark or light green. A related hybrid, the golden zucchini, is a deep yellow or orange color. [4] In a culinary context, the zucchini is treated as a vegetable; it is usually cooked and presented as a savory dish o
閱讀完整內容