I'm not a big fan of having credentials in the clear in files. The JDBC tutorials has an example of this. Firstly, unless you're using the same credentials in each environment (DEV, QA, UAT/SIT, PROD, etc.), these probably shouldn't be in a file. But I realize it's being done for the sake of demonstrating how a connection string might be sent from a java application.

My question: does anyone have any thoughts on better ways of securing these credentials while still transmitting a connection string?

Task: comment or answer or replay to the post

///////////////////////////////////////////////

What are some of the ways you think robust, well-designed code relates to software security?

please answer the questions