根据java SDK中的例子:
https://github.com/paypal/rest-api-sdk-java
clientID、clientSecret 是从 sdk_config.properties 文件中检索的,它们以纯文本形式驻留在该文件中。例如 java SDK 自带的属性文件:
# Connection Information
http.ConnectionTimeOut=5000
http.Retry=1
http.ReadTimeOut=30000
http.MaxConnection=100
# HTTP Proxy configuration
# If you are using proxy set http.UseProxy to true and replace the following values with your proxy parameters
http.ProxyPort=8080
http.ProxyHost=127.0.0.1
http.UseProxy=false
http.ProxyUserName=null
http.ProxyPassword=null
#Set this property to true if you are using the PayPal SDK within a Google App Engine java app
http.GoogleAppEngine = false
# Service Configuration
service.EndPoint=https://api.sandbox.paypal.com
# Live EndPoint
# service.EndPoint=https://api.paypal.com
# Credentials
clientID=EBWKjlELKMYqRNQ6sYvFo64FtaRLRR5BdHEESmha49TM
clientSecret=EO422dn3gQLgDbuwqTjzrFgFtaRLRR5BdHEESmha49TM
不是安全问题吗?是否有更好的替代方法来存储这些凭据?
提前致谢。