'Hide plain text Credentials on Java
I have a username and password in my Java app to call an external API. I would like obfuscate these credentials' strings and not hardcode them in plain text inside source code.
Any tip how I can do that?
Solution 1:[1]
If the credentials are in an app on an insecure client device, then there is no way to secure them 100%. The common solution is to avoid storing username/password but instead have the user login once to obtain a token from the (secure) application server. This token is stored on the insecure device as securely as feasible, and refreshed on a regular basis: When the token nearly expires, it is used to authenticate with the server and obtain a new token. In this way, if the token is stolen it will not grant access indefinitely.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Adriaan Koster |