Many businesses are providing access to their products and services through applications that are delivered over computer networks such as the Internet. These applications typically have a multi-tiered architecture. In those cases where the applications are delivered over the Internet they are commonly referred to as Web-based applications. FIG. 1 is a block diagram of a Web-based application 100 having a multi-tiered architecture.
Web-based application 100 includes client layer 110, application layer 120, and database layer 130. Client layer 110 includes user interface 112 that runs on a client computing device such as a desktop computer, laptop computer, personal digital assistant, telephone, and the like. In a Web-based environment, user interface 112 is typically a Web browser. User interface 112 may collect input from a user and provide that input to application layer 120 for processing.
Application layer 120 includes application server 122 to receive and process input from client layer 110. Application server 122 typically includes a number of subcomponents including, for example, connectivity layer 140, presentation logic 142, business logic 144, and database interface 146. Connectivity layer 140 provides connections to client layer 110 using protocols such as the HyperText Transfer Protocol (HTTP), HTTP secured through the Secure Sockets Layer, the Simple Object Access Protocol (SOAP), and the like. Presentation logic 142 generates a Graphical User Interface (GUI) using, for example, a markup language such as the HyperText Markup Language (HTML). Business logic 144 represents the core of the application, for example, the rules governing the underlying business process (or other functionality) provided by the application. Database interface 146 provides an interface to database layer 130. The Java 2 Enterprise Edition Specification v1.3, published on Jul. 27, 2001 (the J2EE Standard) defines an increasingly popular architecture for application layer 120.
Database layer 130 includes data access logic used by business logic 144 to store and retrieve data in database 132. Database 132 provides non-volatile storage (sometimes referred to as a persistent store) for the data accessed and/or processed by application layer 120. Database 132 may be, for example, a relational database or an object-oriented database.
Establishing a connection between application server 122 and database 132 is typically a two-part process: loading an appropriate driver and connecting to database 132 using the appropriate driver. Loading an appropriate driver is typically accomplished with a method call. For example, application server 122 may employ a Java Database Connectivity (JDBC) Application Program Interface (API) that complies with the Java 2 Platform, Standard Edition (J2SE), version 1.4.2, published June 2003 (the J2SE Standard). Loading an appropriate driver from the JDBC API may be done, for example, with the following line of code: Class.forName("jdbc.DriverXYZ").
The second part of the process is to connect to database 132 using the loaded driver. The following line of code illustrates connecting to database 132 using the loaded driver: Connection con = DriverManager.getConnection("address", "login", "password"). The terms “address,” “login,” and “password” illustrate connection information that is accessed by application server 122 to establish a connection to database 132.
In conventional systems, the connection information is stored as plain text in a file system and accessed, as needed, by application server 122. Storing connection information as plain text in a file system leads to potential security problems. For example, file systems are vulnerable to access by unauthorized users. Further, unauthorized users may readily comprehend the value of plain text connection information (e.g., plain text passwords, addresses, etc.) that is stored in a file system. Also, if the file system is connected to the application server by a network, then connection information may be vulnerable as it is communicated over the network.
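A check for the weakness described above, as an added example that is not part of the original text: it reads a connection file and reports which connection values are stored as plain text and which file permissions let users other than the owner reach them. The Java .properties layout, the use of "address", "login" and "password" as property keys, and the class name ConnectionFileAudit are assumptions.

```java
import java.io.IOException;
import java.io.Reader;
import java.nio.file.*;
import java.nio.file.attribute.PosixFilePermission;
import java.util.*;

// Added example: audits a plain-text connection file of the kind described above.
public class ConnectionFileAudit {
    // Assumed property keys, taken from the terms used in the text.
    static final List<String> CONNECTION_KEYS = List.of("address", "login", "password");

    // Returns one finding per exposure; values are never echoed, only key names.
    static List<String> audit(Path file) throws IOException {
        List<String> findings = new ArrayList<>();
        Properties props = new Properties();
        try (Reader reader = Files.newBufferedReader(file)) {
            props.load(reader);
        }
        for (String key : CONNECTION_KEYS) {
            String value = props.getProperty(key);
            if (value != null && !value.isEmpty()) {
                findings.add("plain-text value stored for '" + key + "'");
            }
        }
        try {
            for (PosixFilePermission p : Files.getPosixFilePermissions(file)) {
                // Any group or world permission widens access beyond the owner.
                if (p.name().startsWith("GROUP_") || p.name().startsWith("OTHERS_")) {
                    findings.add("permission " + p + " exposes the file beyond its owner");
                }
            }
        } catch (UnsupportedOperationException e) {
            findings.add("POSIX permissions unavailable; review the file ACL manually");
        }
        return findings;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample input, written to a temporary file so the example runs offline.
        Path sample = Files.createTempFile("db-connection", ".properties");
        Files.writeString(sample,
            "address=jdbc:xyz://db.example.invalid/app\nlogin=appuser\npassword=example-only\n");
        try {
            Files.setPosixFilePermissions(sample, EnumSet.of(
                PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE,
                PosixFilePermission.GROUP_READ, PosixFilePermission.OTHERS_READ));
        } catch (UnsupportedOperationException e) { /* non-POSIX file system */ }
        audit(sample).forEach(System.out::println);
        Files.delete(sample);
    }
}
```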