What is the best practice for securely storing passwords in Java

by

You can use a local keystore where you could put passwords instead of secret keys.

Answer to edit:

Keystores are a perfect fit for your need. If you want extra protection, you could ask the user for one password to access all passwords when the user starts the application. Then, you could protect stored database password with a simple salt-and-stretch method (to generate an encryption key) using the one password that was used when starting the application.

More Related Contents:

  1. Why is char[] preferred over String for passwords?
  2. PreparedStatement IN clause alternatives?
  3. How are SSL certificate server names resolved/Can I add alternative names using keytool?
  4. How to retrieve a file from a server via SFTP?
  5. Encrypt Password in Configuration Files? [closed]
  6. How to deal with a slow SecureRandom generator?
  7. Secure HTTP Post in Android
  8. Allowing Java to use an untrusted certificate for SSL/HTTPS connection
  9. Difference between java.util.Random and java.security.SecureRandom
  10. Appearance of Java Security dialog
  11. How do I create a Java sandbox?
  12. What is the security risk of object reflection?
  13. Unit testing with Spring Security
  14. How can I construct a java.security.PublicKey object from a base64 encoded string?
  15. How to properly logout of a Java EE 6 Web Application after logging in
  16. Java and SSL – java.security.NoSuchAlgorithmException
  17. Disable Java reflection for the current thread
  18. How to disable Java security manager?
  19. How do you configure HttpOnly cookies in tomcat / java webapps?
  20. How to apply Spring Security filter only on secured endpoints?
  21. Prevent XXE Attack with JAXB
  22. Application vulnerability due to Non Random Hash Functions
  23. Simplest way to encrypt a text file in java
  24. New java.security.AccessControlException in Java 8
  25. How does Java strings being immutable increase security?
  26. Can a secret be hidden in a ‘safe’ java class offering access credentials?
  27. How to check if class exists somewhere in package?
  28. How to hash a password with SHA-512 in Java?
  29. Using Apache httpclient for https
  30. How to obtain the location of cacerts of the default java installation?

Leave a Comment