Java Tokenization with Gradle












0














For my current project, I'm working on connecting to a MySQL database using Java.



I have a bit of code, in which I'm using Gradle to substitute sensitive database credentials into the .java file using ReplaceTokens to populate a new version of the file in the build directory and source that version (with the replaced "detokenized" values) to compile the .class file.



I do not anticipate anyone aside from the core dev team handling the source .java files, only the .war which contains the compiled .class files. However, from a peek at these .class files using vim, I can tell that the detokenized values are plainly visible in the compiled bytecode.



My question is, assuming a scenario in which my .class files could be retrieved from the server by a potentially malicious agent, is there any better method of tokenization that would give another layer of security to the database credentials?



For additional information, the MySQL DB is accessed through a socket only, so I do not expect a malicious agent could do anything with the DB credentials alone, but I would like to make it as difficult as possible to determine these credentials anyway.



Thank you for any advice! I'm still very new to Java and Gradle in general, but this project has already given me much insight into what can be done.










share|improve this question


















  • 2




    Pass the values as encrypted strings and then decrypt in your runtime
    – Scary Wombat
    Nov 12 at 2:00










  • @ScaryWombat Thank you for the suggestion! Do you have an example, link or otherwise, of what this encrypt/decrypt implementation would look like?
    – 3d12
    Nov 12 at 18:49
















0














For my current project, I'm working on connecting to a MySQL database using Java.



I have a bit of code, in which I'm using Gradle to substitute sensitive database credentials into the .java file using ReplaceTokens to populate a new version of the file in the build directory and source that version (with the replaced "detokenized" values) to compile the .class file.



I do not anticipate anyone aside from the core dev team handling the source .java files, only the .war which contains the compiled .class files. However, from a peek at these .class files using vim, I can tell that the detokenized values are plainly visible in the compiled bytecode.



My question is, assuming a scenario in which my .class files could be retrieved from the server by a potentially malicious agent, is there any better method of tokenization that would give another layer of security to the database credentials?



For additional information, the MySQL DB is accessed through a socket only, so I do not expect a malicious agent could do anything with the DB credentials alone, but I would like to make it as difficult as possible to determine these credentials anyway.



Thank you for any advice! I'm still very new to Java and Gradle in general, but this project has already given me much insight into what can be done.










share|improve this question


















  • 2




    Pass the values as encrypted strings and then decrypt in your runtime
    – Scary Wombat
    Nov 12 at 2:00










  • @ScaryWombat Thank you for the suggestion! Do you have an example, link or otherwise, of what this encrypt/decrypt implementation would look like?
    – 3d12
    Nov 12 at 18:49














0












0








0







For my current project, I'm working on connecting to a MySQL database using Java.



I have a bit of code, in which I'm using Gradle to substitute sensitive database credentials into the .java file using ReplaceTokens to populate a new version of the file in the build directory and source that version (with the replaced "detokenized" values) to compile the .class file.



I do not anticipate anyone aside from the core dev team handling the source .java files, only the .war which contains the compiled .class files. However, from a peek at these .class files using vim, I can tell that the detokenized values are plainly visible in the compiled bytecode.



My question is, assuming a scenario in which my .class files could be retrieved from the server by a potentially malicious agent, is there any better method of tokenization that would give another layer of security to the database credentials?



For additional information, the MySQL DB is accessed through a socket only, so I do not expect a malicious agent could do anything with the DB credentials alone, but I would like to make it as difficult as possible to determine these credentials anyway.



Thank you for any advice! I'm still very new to Java and Gradle in general, but this project has already given me much insight into what can be done.










share|improve this question













For my current project, I'm working on connecting to a MySQL database using Java.



I have a bit of code, in which I'm using Gradle to substitute sensitive database credentials into the .java file using ReplaceTokens to populate a new version of the file in the build directory and source that version (with the replaced "detokenized" values) to compile the .class file.



I do not anticipate anyone aside from the core dev team handling the source .java files, only the .war which contains the compiled .class files. However, from a peek at these .class files using vim, I can tell that the detokenized values are plainly visible in the compiled bytecode.



My question is, assuming a scenario in which my .class files could be retrieved from the server by a potentially malicious agent, is there any better method of tokenization that would give another layer of security to the database credentials?



For additional information, the MySQL DB is accessed through a socket only, so I do not expect a malicious agent could do anything with the DB credentials alone, but I would like to make it as difficult as possible to determine these credentials anyway.



Thank you for any advice! I'm still very new to Java and Gradle in general, but this project has already given me much insight into what can be done.







java security gradle






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Nov 12 at 1:59









3d12

234




234








  • 2




    Pass the values as encrypted strings and then decrypt in your runtime
    – Scary Wombat
    Nov 12 at 2:00










  • @ScaryWombat Thank you for the suggestion! Do you have an example, link or otherwise, of what this encrypt/decrypt implementation would look like?
    – 3d12
    Nov 12 at 18:49














  • 2




    Pass the values as encrypted strings and then decrypt in your runtime
    – Scary Wombat
    Nov 12 at 2:00










  • @ScaryWombat Thank you for the suggestion! Do you have an example, link or otherwise, of what this encrypt/decrypt implementation would look like?
    – 3d12
    Nov 12 at 18:49








2




2




Pass the values as encrypted strings and then decrypt in your runtime
– Scary Wombat
Nov 12 at 2:00




Pass the values as encrypted strings and then decrypt in your runtime
– Scary Wombat
Nov 12 at 2:00












@ScaryWombat Thank you for the suggestion! Do you have an example, link or otherwise, of what this encrypt/decrypt implementation would look like?
– 3d12
Nov 12 at 18:49




@ScaryWombat Thank you for the suggestion! Do you have an example, link or otherwise, of what this encrypt/decrypt implementation would look like?
– 3d12
Nov 12 at 18:49












1 Answer
1






active

oldest

votes


















1














Here is some simple code that does base64 encoding / decoding



I am using Blowfish for the algo



import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;

public static String encrypt(String text) throws Exception
{
SecretKeySpec sksSpec = new SecretKeySpec(key.getBytes(), algo );
Cipher cipher = Cipher.getInstance(algo);
cipher.init(javax.crypto.Cipher.ENCRYPT_MODE, sksSpec);

byte encrypt_bytes = cipher.doFinal(text.getBytes());
return new String( Base64.encodeBase64(encrypt_bytes) );
}

public static String decrypt(String encrypt_str) throws Exception
{
SecretKeySpec sksSpec = new SecretKeySpec(key.getBytes(), algo);
Cipher cipher = Cipher.getInstance(algo);
cipher.init(Cipher.DECRYPT_MODE, sksSpec);

return new String(cipher.doFinal( Base64.decodeBase64(encrypt_str.getBytes("UTF-8"))));
}





share|improve this answer





















  • Thank you for sharing this implementation example! I will study it and see if I can adapt something similar to my needs.
    – 3d12
    Nov 14 at 1:35











Your Answer






StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53255120%2fjava-tokenization-with-gradle%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









1














Here is some simple code that does base64 encoding / decoding



I am using Blowfish for the algo



import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;

public static String encrypt(String text) throws Exception
{
SecretKeySpec sksSpec = new SecretKeySpec(key.getBytes(), algo );
Cipher cipher = Cipher.getInstance(algo);
cipher.init(javax.crypto.Cipher.ENCRYPT_MODE, sksSpec);

byte encrypt_bytes = cipher.doFinal(text.getBytes());
return new String( Base64.encodeBase64(encrypt_bytes) );
}

public static String decrypt(String encrypt_str) throws Exception
{
SecretKeySpec sksSpec = new SecretKeySpec(key.getBytes(), algo);
Cipher cipher = Cipher.getInstance(algo);
cipher.init(Cipher.DECRYPT_MODE, sksSpec);

return new String(cipher.doFinal( Base64.decodeBase64(encrypt_str.getBytes("UTF-8"))));
}





share|improve this answer





















  • Thank you for sharing this implementation example! I will study it and see if I can adapt something similar to my needs.
    – 3d12
    Nov 14 at 1:35
















1














Here is some simple code that does base64 encoding / decoding



I am using Blowfish for the algo



import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;

public static String encrypt(String text) throws Exception
{
SecretKeySpec sksSpec = new SecretKeySpec(key.getBytes(), algo );
Cipher cipher = Cipher.getInstance(algo);
cipher.init(javax.crypto.Cipher.ENCRYPT_MODE, sksSpec);

byte encrypt_bytes = cipher.doFinal(text.getBytes());
return new String( Base64.encodeBase64(encrypt_bytes) );
}

public static String decrypt(String encrypt_str) throws Exception
{
SecretKeySpec sksSpec = new SecretKeySpec(key.getBytes(), algo);
Cipher cipher = Cipher.getInstance(algo);
cipher.init(Cipher.DECRYPT_MODE, sksSpec);

return new String(cipher.doFinal( Base64.decodeBase64(encrypt_str.getBytes("UTF-8"))));
}





share|improve this answer





















  • Thank you for sharing this implementation example! I will study it and see if I can adapt something similar to my needs.
    – 3d12
    Nov 14 at 1:35














1












1








1






Here is some simple code that does base64 encoding / decoding



I am using Blowfish for the algo



import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;

public static String encrypt(String text) throws Exception
{
SecretKeySpec sksSpec = new SecretKeySpec(key.getBytes(), algo );
Cipher cipher = Cipher.getInstance(algo);
cipher.init(javax.crypto.Cipher.ENCRYPT_MODE, sksSpec);

byte encrypt_bytes = cipher.doFinal(text.getBytes());
return new String( Base64.encodeBase64(encrypt_bytes) );
}

public static String decrypt(String encrypt_str) throws Exception
{
SecretKeySpec sksSpec = new SecretKeySpec(key.getBytes(), algo);
Cipher cipher = Cipher.getInstance(algo);
cipher.init(Cipher.DECRYPT_MODE, sksSpec);

return new String(cipher.doFinal( Base64.decodeBase64(encrypt_str.getBytes("UTF-8"))));
}





share|improve this answer












Here is some simple code that does base64 encoding / decoding



I am using Blowfish for the algo



import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;

public static String encrypt(String text) throws Exception
{
SecretKeySpec sksSpec = new SecretKeySpec(key.getBytes(), algo );
Cipher cipher = Cipher.getInstance(algo);
cipher.init(javax.crypto.Cipher.ENCRYPT_MODE, sksSpec);

byte encrypt_bytes = cipher.doFinal(text.getBytes());
return new String( Base64.encodeBase64(encrypt_bytes) );
}

public static String decrypt(String encrypt_str) throws Exception
{
SecretKeySpec sksSpec = new SecretKeySpec(key.getBytes(), algo);
Cipher cipher = Cipher.getInstance(algo);
cipher.init(Cipher.DECRYPT_MODE, sksSpec);

return new String(cipher.doFinal( Base64.decodeBase64(encrypt_str.getBytes("UTF-8"))));
}






share|improve this answer












share|improve this answer



share|improve this answer










answered Nov 13 at 0:51









Scary Wombat

34.9k32252




34.9k32252












  • Thank you for sharing this implementation example! I will study it and see if I can adapt something similar to my needs.
    – 3d12
    Nov 14 at 1:35


















  • Thank you for sharing this implementation example! I will study it and see if I can adapt something similar to my needs.
    – 3d12
    Nov 14 at 1:35
















Thank you for sharing this implementation example! I will study it and see if I can adapt something similar to my needs.
– 3d12
Nov 14 at 1:35




Thank you for sharing this implementation example! I will study it and see if I can adapt something similar to my needs.
– 3d12
Nov 14 at 1:35


















draft saved

draft discarded




















































Thanks for contributing an answer to Stack Overflow!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.





Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


Please pay close attention to the following guidance:


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53255120%2fjava-tokenization-with-gradle%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







這個網誌中的熱門文章

Xamarin.form Move up view when keyboard appear

Post-Redirect-Get with Spring WebFlux and Thymeleaf

Anylogic : not able to use stopDelay()