Take a look at Jasypt , this is a java library that allows a developer to add basic encryption capabilities to their projects with minimal effort and without the need for in-depth knowledge of how cryptography works.
If you use Spring, you can define yours db.propertiesas:
jdbc.driver=com.mysql.jdbc.Driver
jdbc.url=jdbc:mysql:
jdbc.username=userName
jdbc.password=ENC(A6L729KukPEx7Ps8didIUWb01fdBRh7d)
and configure it with Jasypt and Spring as:
<bean class="org.jasypt.spring.properties.EncryptablePropertyPlaceholderConfigurer">
<constructor-arg>
<bean class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor">
<property name="config">
<bean class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig">
<property name="algorithm" value="PBEWithMD5AndDES" />
<property name="passwordEnvName" value="APP_ENCRYPTION_PASSWORD" />
</bean>
</property>
</bean>
</constructor-arg>
<property name="locations">
<list>
<value>classpath:/META-INF/props/db/db.properties</value>
</list>
</property>
</bean>
<bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource">
<property name="driverClassName" value="${jdbc.driverClassName}"/>
<property name="url" value="${jdbc.url}"/>
<property name="username" value="${jdbc.username}"/>
<property name="password" value="${jdbc.password}"/>
</bean>
This will hide the actual password (you can do the same for username) for students, so they will not be able to get the connection string from viewing the properties file.
If you are not using Spring, here is the Jasypt manual to get the same “manually”