I am working on an application in java that will connect to an sql database, but will also have an internal encrypted database used for user accounts and passwords for security. My question is, is there a way to get(when the application would first be installed on the users machine) to grab with with authorization a list of user accounts, and their passwords and possibly privilege sets for these accounts to be used for security later. this will be similar to the way that plesk or cpanel uses user accounts on the system for logging into a web interface of the application. this will use angular front end and a java backend with database for storage and things alike. This will be deployed on many machines, mainly would be linux(RHEL) and Windows, with the possibility of mac. how would you go about this? any advice or help would be greatly appreciated.
2
Answers
I was thinking originally of having Java authenticate with the OS, however this defeats the purpose. I will just have during the setup process the user setup passwords, store them encrypted in some SQL database for authentication. This makes more sense as JAVA is typically running in a Virtual machine completely separate of the OS. This can also make it more secure, as if the OS gets breached, unless you have the passwords for the encrypted files, your data is safe.
You can use Java properties file with encrypted property for password. Please have a look at this answer for a point to start.