Menu
I'm working on a front end for a database I have set up and I was wondering if I just use this code will my password and username show up in plain text if some one is sniffing?
String url = "jdbc:mysql://" + address + "/table";
String user = user_Name;
String password = complete_Password;
Connection conn = null;
try {
conn = DriverManager.getConnection(url, user, password);
return conn;
} catch (SQLException ex) {
System.out.println(ex);
}
562
That depends on how the JDBC driver is implemented, the MySQL JDBC driver will not transmit your password in clear text. You can see this happening at the MysqlIO class (look for the changeUser method).
You can also see the various types of authentication MySQL offers (including the very unsafe clear text passwords over the wire) at it's client-server protocol documentation.
I seriously doubt any vendor produced database driver out there will send your password data as clear text over the wire. At least I know the MySQL and PosgreSQL JDBC drivers will not do this. PostgreSQL, for instance, will generate a hash of your password and send it.
170
JDBC is merely an API. every JDBC driver implementation is different, so this would be up to the particular driver that you were using.
45
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
