putting properties as a resource is the WRONG way

## I noticed a bad example as a comment in the DBProvider class

It states 

```java
        // Usage of resource file is preferred way. No issues with working dir.
        // Uses the default location of resources (in src/main/java/resources dir)
        // getClassLoader() is necessary, unless you store your proprty file in a 
        // subfolder according to package name 
        // (src/main/resources/fontys/customerdbdemo in this case).
```

This is almost as wrong as putting passwords into the source code because:

* src/main/resources is typically versioned, so any property file with passwords will be published in the repository. **Bad.**
*  said properties file will also land in the jar file, so it is published when packaging, installing and deploying as well. So just as **bad**.

The only way to deal with secrets is to keep them separate from the application binaries and put them in a well known but 
protected place.


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

putting properties as a resource is the WRONG way #15

I noticed a bad example as a comment in the DBProvider class

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

putting properties as a resource is the WRONG way #15

Description

I noticed a bad example as a comment in the DBProvider class

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions