Decompiling is unnecessary. All somebody would have to do would be to sniff the transmissions between your application and your database; the credentials are sent unencrypted.
So the problem is not that somebody could find out the database credentials, the problem is that your database exposes itself to the internet. And if anybody does find the credentials through any method at all, then you've got a problem.
And by the way, if you distribute your application with the credentials hard-coded, then that makes it difficult for you to change the password if it does get compromised, because then nobody can use your application any more. This is a bad thing because one of the first things you should do when your system is compromised is to change the access password.
So really the best way to distribute this application would be to write it so that it connects to an application which runs on your server. This server application would communicate with the database, which would make it unnecessary for the database to be visible from the internet. Your Swing application would communicate with the server application via some kind of web service protocol.
Dr Clap is exactly right... the only thing I would add is:
If you think you can distribute anything in any format and have it secure, you are fooling yourself. Security is only an illusion that allows us to sleep at night and keeps the basically honest user from peeking at your code. If someone really wants your code, they will get it--obfuscation or any other scheme you come up with can and will be cracked, because all they have to do is use a spy and follow the execution or decompile it directly and play with it--nothing is secure once it leaves the privacy of your brain--security basically puts us on a modified honor system.
Design everything with that in mind.
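The architecture recommended in the first reply, sketched as an added example that is not part of the original thread: the database password lives only in the server process, and the client (where the Swing application would sit) holds a per-user token it sends to a narrow endpoint. The class name, the `/order` endpoint, the token value and the in-memory map standing in for the database are all assumptions; it uses the JDK's built-in `HttpServer` and `HttpClient` (Java 11+) over loopback, where a real deployment would use HTTPS.

```java
import com.sun.net.httpserver.HttpServer;
import java.net.InetSocketAddress;
import java.net.URI;
import java.net.http.*;
import java.nio.charset.StandardCharsets;
import java.util.*;
public class ThreeTierSketch {
    // Server side only: read from the server's environment, never shipped in the client jar.
    static final String DB_PASSWORD = System.getenv().getOrDefault("DB_PASSWORD", "unset");
    // Constructed per-user token; revoking one locks out one user, not every installation.
    static final Set<String> VALID_TOKENS = Set.of("token-alice-constructed");
    // Stand-in for the database (assumption); a real service would query via JDBC with DB_PASSWORD.
    static final Map<String, String> ORDERS = Map.of("1001", "shipped", "1002", "pending");

    static HttpServer startServer() throws Exception {
        HttpServer server = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        server.createContext("/order", ex -> {
            String auth = ex.getRequestHeaders().getFirst("Authorization");
            String query = ex.getRequestURI().getQuery();
            String id = (query != null && query.startsWith("id=")) ? query.substring(3) : "";
            boolean authed = auth != null && auth.startsWith("Bearer ") && VALID_TOKENS.contains(auth.substring(7));
            // Authenticate first, then validate input; the client never sends SQL, only an id.
            int status = !authed ? 401 : !id.matches("\\d{1,9}") ? 400 : !ORDERS.containsKey(id) ? 404 : 200;
            byte[] out = (status == 200 ? ORDERS.get(id) : "error").getBytes(StandardCharsets.UTF_8);
            ex.sendResponseHeaders(status, out.length);
            try (var os = ex.getResponseBody()) { os.write(out); }
        });
        server.start();
        return server;
    }

    // Client side: what the desktop application does instead of opening a JDBC connection.
    static String fetch(int port, String token, String id) throws Exception {
        HttpRequest req = HttpRequest.newBuilder(URI.create("http://127.0.0.1:" + port + "/order?id=" + id))
                .header("Authorization", "Bearer " + token).build();
        HttpResponse<String> r = HttpClient.newHttpClient().send(req, HttpResponse.BodyHandlers.ofString());
        return r.statusCode() + " " + r.body();
    }

    public static void main(String[] args) throws Exception {
        HttpServer server = startServer();
        System.out.println(fetch(server.getAddress().getPort(), "token-alice-constructed", "1001"));
        System.out.println(fetch(server.getAddress().getPort(), "wrong-token", "1001"));
        server.stop(0);
    }
}
```

Anything extracted from the distributed client is at most one user's token, which the server can revoke without touching the database password or the other users.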