Andreas Schmidt wrote: > Hi, > > When I write a program that outputs encrypted pdfs, I also nee to > hardcode the password somehow in my code. Or I call a server and fetch > password - but for that I have to hardcoode the identification to the > server in my code...
It depends on the application. Doesn't your application accept user input of any sort (a password field in an HTML form that is posted to the server or a login box from your Swing app). > So somehow a user could scan or decompile and scan my program for > passwords - and then open this encrypted pdf. I don't want to allow that! I don't ever put a password in my source code (except for simple examples). I always use a properties file or something similar. Of course, the problem remains: if your properties file is compromised so is your password. That's more an OS issue than a programming problem. When I was a Cold Fusion programmer (over 7 years ago), I believe you had to enter some passwords upon starting the server. The passwords were kept in memory. I think this is overkill. br, Bruno _______________________________________________ iText-questions mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/itext-questions
