exception report

Thread view:

cmk128@hotmail.com - 31 Jul 2006 06:42 GMT

Hi
When my java application throw an exception, it will connect to
MySQL, dump the exception to it. My java software is open source, so i
scare everyone will know my mysql password because the password is
inside the code.
I can pack the class that connect to mysql to another jar, and don't
release this piece of source code, but this is not open source and not
what i want. Any other way?

thanks
from Peter (cmk128@hotmail.com)

Reply to this Message

Oliver Wong - 31 Jul 2006 16:05 GMT

> Hi
> When my java application throw an exception, it will connect to
[quoted text clipped - 4 lines]
> release this piece of source code, but this is not open source and not
> what i want. Any other way?

Create a new user account for your MySQL DB which only has INSERT
priviliges into your table. Have your Java program use that password.

Now people can insert into your DB, but they can't delete or do other
stuff to it.

You'll still be vulnerable to DOS (Denial of Service) attacks in which a
malicious user tries to make a billion inserts into your table, but I think
it's impossible to avoid that. At best, you could add an extra processing
layer between the DB (e.g. a WebService), which checks against duplicate
entries, or flooding from a single IP address or something like that.

- Oliver

Reply to this Message

cmk128@hotmail.com - 31 Jul 2006 17:59 GMT

Oliver Wong 寫道：

> > Hi
> > When my java application throw an exception, it will connect to
[quoted text clipped - 18 lines]
>
> - Oliver

thank Oliver
I already set the user account that only have select and insert
rights.
I don't think i have a perfect way to avoid the DOS attack, because
once the exception occurs, it will insert record to DB. And same
exception occurs many times on the same IP is very possible.
thanks again
from Peter (cmk128@hotmail.com)

Reply to this Message

exception report

Free Magazines