Let's say that you have a standalone application (Java application in my case) and that this application has a configuration file (XML file in my case), where you store the credentials (user and password) for a bunch of databases that need to be connected.
Everything works fine, but now you discover (or you are given a new requirement like me) that you must put this application on another server and that it cannot have these credentials in the configuration files, for security reasons and / or compliance.
I plan to use data sources hosted on an application server (WAS server), but I think this may have poor performance and maybe this is not the best approach as I am connecting from a standalone application.
I also considered using a kind of encryption , but I would like to make everything as simple as possible.
How would you handle this? Where would you put these credentials or could you protect them from being compromised? Or how do you connect to your databases in this scenario?
source
share