Java - Protecting Properties file in jar

If i include a properties file in my project that contains a database password, how do i stop someone from browsing the .jar file and accessing it.

Currently i have it hardcoded, but you can decompile and access it even with Obfuscation.

Is there a best method for handling sensitive data in app code?

Solution

Short answer: You can't

Longer answer:
Protecting a JAR file is not really possible if the attacker has access to the file system and hence the JAR file. You could encrypt the property file that contains the database password, but then you're facing the same issue again as to where store the encryption password.

In the end, having passwords stored in property files is not optimal for security. If possible, you should use a password safe with an API usable by your application. Cyberark or Vault (and many more that I don't know) are examples of such password safes.

Parsing time strings like "1h 30min"
Spring Boot control target JAR file name
JavaFx sorting visualiser
Does Java compiler understand two returns?
Java: Compile inter-related classes
What is the correct syntax for creating a HashMap in Java?
Programmatically change log level in Log4j2
Having trouble using a loop to find a user-input character from a text file in Java (Solved)
How to return 404 response status in Spring Boot @ResponseBody - method return type is Response?
How to use GWT 2.1 Data Presentation Widgets
List of Java class file format major version numbers?
UnsatisfiedDependencyException: Error creating bean with name
Configure Selenium Nodes without a JSON file
How can we extract values from URL when redirect to a Android app?
GregorianCalendar returns wrong DAY_OF_WEEK in Java
how to implement an idl-to-java compiler
Prevent launching multiple instances of a java application by locking a file is not working
Unable to execute Arquillian test
ClassCastException in Production Build after Login in Android App
Page through an array
How to remove JRE entries from Windows registry?
Chosing a suitable table size for a Hash
How to set "value" to input web element using selenium?
How to verify 'Open xdg-open popup' in Chrome via Selenium Webdriver?
Java Generics: Who is right, javac or Eclipse compile?
Where are the preferred argument conversions for overloaded methods documented (if at all)?
How do I compile my Java source files?
How to prevent Spring Boot/Hibernate from converting entity column names from PascalCase to snake_case?
How add JAVA_OPTS variable to wildfly by kubernetes yaml file?
Read a Environment Variable in Java with Websphere