While looking for the current paradigms on storing passwords in Java I stumbled on this Security IQ Test. It’s a bit thin but at least you can get a feel for if you know what’s going on at a fundamental level. Perhaps the best part is the answers provided after you get your score.
This is also an interesting thread.
The question that I currently have is: what is the correct techique for obtaining passwords from a configuration file? Currently I store system passwords in an encrypted properties file. Do I have to read and decrypt the properties file each time I need the passwords? I don’t think that just reading the passwords once on start makes sense (for the same reason that you use
String for storing the password).