Conventional client/server systems may include a client, an application server, and a database system. The client may submit a database access statement to the application server. The application server may receive the database access statement and establish a connection to the database system to retrieve the requested data. Typically, the application server is connected to the database system over a network (e.g., a Local Area Network (LAN)).
Establishing a connection to the database system is typically a two-part process: loading an appropriate driver and connecting to the database system using the appropriate driver. Loading an appropriate driver is typically accomplished with a method call. For example, the client/server system may employ a Java Database Connectivity (JDBC) Application Program Interface (API) that complies with the Java 2 Platform, Standard Edition (J2SE), version 1.4.2, published June 2003 (the J2SE Standard). Loading an appropriate driver from the JDBC API may be done, for example, with the following line of code: Class.forName(“jdbc.DriverXYZ”).
The second part of the process is to connect to the database system using the loaded driver. The following line of code illustrates connecting to the database system using the loaded driver: connection con=DriverManager.getConnection (“address,” “login,” “password”). The terms “address,” “login,” and “password” illustrate connection information that is accessed by an application server to establish a connection to a database.
In conventional client/server systems, the connection information is stored as plain text in a file system and accessed, as needed, by an application server. Storing connection information as plain text in a file system leads to potential security problems. For example, file systems are vulnerable to access by unauthorized users. Further, unauthorized users may readily comprehend the value of plain text connection information (e.g., plain text passwords, addresses, etc.) that is stored in a file system. Also, if the file system is connected to the application server by a network, then connection information may be vulnerable as it is communicated over the network.