My java application is currently connecting to a pl / sql database, the username and password of the connection are in the jdbc file:
jdbc.username = xxxxxxx
jdbc.password = xxxxxxx
jdbc.url = xxxxxxxxxxxx
and Spring uses this data to create the connection, and finds this through the applicationContext.xml file
<!-- Carregamento do Arquivo de Configuracoes do JDBC -->
<context:property-placeholder location="xxxx" />
<!-- Configuracao do DataSource -->
<bean id="dataSource" class="xxxxx">
<property name="driverClassName" value="${jdbc.driverClassName}" />
<property name="url" value="${jdbc.url}" />
<property name="username" value="${jdbc.username}" />
<property name="password" value="${jdbc.password}" />
</bean>
ISO 27001 asks that the connection password is not statically fixed to the code, as developers will no longer be able to access the database password. Any ideas how I can resolve this?