exception report

cmk128

Hi
When my Java application throws an exception, it will connect to
MySQL and dump the exception to it. My Java software is open source, so I
am scared everyone will know my MySQL password because the password is
inside the code.
I can pack the class that connects to MySQL into another jar, and not
release this piece of source code, but this is not open source and not
what I want. Any other way?

thanks
from Peter ([email protected])
 
Oliver Wong

Hi
When my Java application throws an exception, it will connect to
MySQL and dump the exception to it. My Java software is open source, so I
am scared everyone will know my MySQL password because the password is
inside the code.
I can pack the class that connects to MySQL into another jar, and not
release this piece of source code, but this is not open source and not
what I want. Any other way?

Create a new user account for your MySQL DB which only has INSERT
privileges into your table. Have your Java program use that password.

Now people can insert into your DB, but they can't delete or do other
stuff to it.

You'll still be vulnerable to DOS (Denial of Service) attacks in which a
malicious user tries to make a billion inserts into your table, but I think
it's impossible to avoid that. At best, you could add an extra processing
layer between the DB (e.g. a WebService), which checks against duplicate
entries, or flooding from a single IP address or something like that.

- Oliver
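
The extra processing layer suggested above could gate reports like this before any INSERT runs. This is an added example, not code from the thread: the class name, the limits and the sample inputs are assumptions, and it needs Java 17 for `HexFormat`.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.HexFormat;
import java.util.Map;

// Hypothetical gate a reporting web service would run in front of the database.
public class ReportGate {
    enum Decision { INSERT, DUPLICATE, RATE_LIMITED }

    private static final int MAX_PER_WINDOW = 5;   // assumed per-IP limit
    private static final long WINDOW_MS = 60_000;  // assumed window length

    private final Map<String, long[]> perIp = new HashMap<>();  // ip -> {windowStart, count}
    private final Map<String, Integer> seen = new HashMap<>();  // trace hash -> times reported

    synchronized Decision check(String ip, String stackTrace, long nowMs) {
        // Fixed-window counter per source address: reject floods before hashing anything.
        long[] w = perIp.computeIfAbsent(ip, k -> new long[] { nowMs, 0 });
        if (nowMs - w[0] >= WINDOW_MS) { w[0] = nowMs; w[1] = 0; }
        if (++w[1] > MAX_PER_WINDOW) return Decision.RATE_LIMITED;

        // A repeated exception only bumps a counter; it does not become a new row.
        int n = seen.merge(sha256(stackTrace), 1, Integer::sum);
        return n == 1 ? Decision.INSERT : Decision.DUPLICATE;
    }

    static String sha256(String s) {
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            return HexFormat.of().formatHex(md.digest(s.getBytes(StandardCharsets.UTF_8)));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    public static void main(String[] args) {
        ReportGate gate = new ReportGate();
        // Constructed sample report and documentation-range IP address.
        String trace = "java.lang.NullPointerException\n\tat Demo.run(Demo.java:12)";
        String ip = "203.0.113.7";
        System.out.println(gate.check(ip, trace, 0));
        System.out.println(gate.check(ip, trace, 1_000));
        for (int i = 0; i < 5; i++) gate.check(ip, "other trace " + i, 2_000);
        System.out.println(gate.check(ip, "new trace", 3_000));
        System.out.println(gate.check(ip, "new trace", 61_000));
    }
}
```

With such a layer the database credentials stay on the server and the distributed client only needs the service URL. Both maps grow without bound here, so a real service would expire old entries.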
 
cmk128

Oliver Wong wrote:
Create a new user account for your MySQL DB which only has INSERT
privileges into your table. Have your Java program use that password.

Now people can insert into your DB, but they can't delete or do other
stuff to it.

You'll still be vulnerable to DOS (Denial of Service) attacks in which a
malicious user tries to make a billion inserts into your table, but I think
it's impossible to avoid that. At best, you could add an extra processing
layer between the DB (e.g. a WebService), which checks against duplicate
entries, or flooding from a single IP address or something like that.

- Oliver

Thanks, Oliver.
I already set the user account to have only select and insert
rights.
I don't think I have a perfect way to avoid the DOS attack, because
once the exception occurs, it will insert a record into the DB. And the same
exception occurring many times on the same IP is very possible.
Thanks again
from Peter ([email protected])
 
