exception report

Discussion in 'Java' started by cmk128@hotmail.com, Jul 31, 2006.

  1. Guest

    Hi
    When my java application throw an exception, it will connect to
    MySQL, dump the exception to it. My java software is open source, so i
    scare everyone will know my mysql password because the password is
    inside the code.
    I can pack the class that connect to mysql to another jar, and don't
    release this piece of source code, but this is not open source and not
    what i want. Any other way?

    thanks
    from Peter ()
    , Jul 31, 2006
    #1
    1. Advertising

  2. Oliver Wong Guest

    <> wrote in message
    news:...
    > Hi
    > When my java application throw an exception, it will connect to
    > MySQL, dump the exception to it. My java software is open source, so i
    > scare everyone will know my mysql password because the password is
    > inside the code.
    > I can pack the class that connect to mysql to another jar, and don't
    > release this piece of source code, but this is not open source and not
    > what i want. Any other way?


    Create a new user account for your MySQL DB which only has INSERT
    priviliges into your table. Have your Java program use that password.

    Now people can insert into your DB, but they can't delete or do other
    stuff to it.

    You'll still be vulnerable to DOS (Denial of Service) attacks in which a
    malicious user tries to make a billion inserts into your table, but I think
    it's impossible to avoid that. At best, you could add an extra processing
    layer between the DB (e.g. a WebService), which checks against duplicate
    entries, or flooding from a single IP address or something like that.

    - Oliver
    Oliver Wong, Jul 31, 2006
    #2
    1. Advertising

  3. Guest

    Oliver Wong 寫é“:

    > <> wrote in message
    > news:...
    > > Hi
    > > When my java application throw an exception, it will connect to
    > > MySQL, dump the exception to it. My java software is open source, so i
    > > scare everyone will know my mysql password because the password is
    > > inside the code.
    > > I can pack the class that connect to mysql to another jar, and don't
    > > release this piece of source code, but this is not open source and not
    > > what i want. Any other way?

    >
    > Create a new user account for your MySQL DB which only has INSERT
    > priviliges into your table. Have your Java program use that password.
    >
    > Now people can insert into your DB, but they can't delete or do other
    > stuff to it.
    >
    > You'll still be vulnerable to DOS (Denial of Service) attacks in which a
    > malicious user tries to make a billion inserts into your table, but I think
    > it's impossible to avoid that. At best, you could add an extra processing
    > layer between the DB (e.g. a WebService), which checks against duplicate
    > entries, or flooding from a single IP address or something like that.
    >
    > - Oliver


    thank Oliver
    I already set the user account that only have select and insert
    rights.
    I don't think i have a perfect way to avoid the DOS attack, because
    once the exception occurs, it will insert record to DB. And same
    exception occurs many times on the same IP is very possible.
    thanks again
    from Peter ()
    , Jul 31, 2006
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Meheraj shaik via .NET 247

    Crysatl report load report failed

    Meheraj shaik via .NET 247, May 28, 2005, in forum: ASP .Net
    Replies:
    1
    Views:
    3,241
    saapr
    Jun 7, 2005
  2. James Wallace
    Replies:
    0
    Views:
    1,051
    James Wallace
    Oct 17, 2003
  3. =?Utf-8?B?aHVicmlzdGljYm9i?=

    Load Report Fails on ASP.NET app when report is on a different ser

    =?Utf-8?B?aHVicmlzdGljYm9i?=, Mar 17, 2005, in forum: ASP .Net
    Replies:
    1
    Views:
    410
    Brock Allen
    Mar 17, 2005
  4. =?Utf-8?B?Sm9obiBCYWlsZXk=?=

    The definition of the report 'Main Report' is invalid

    =?Utf-8?B?Sm9obiBCYWlsZXk=?=, Jul 2, 2005, in forum: ASP .Net
    Replies:
    0
    Views:
    4,015
    =?Utf-8?B?Sm9obiBCYWlsZXk=?=
    Jul 2, 2005
  5. =?Utf-8?B?SmFpZ2FuZXNo?=

    Reading report content using Crystal Report Viewer XI

    =?Utf-8?B?SmFpZ2FuZXNo?=, Jan 4, 2006, in forum: ASP .Net
    Replies:
    0
    Views:
    1,179
    =?Utf-8?B?SmFpZ2FuZXNo?=
    Jan 4, 2006
Loading...

Share This Page