Java Security

I guess I should add, I'm not looking for anyone to code this for me, but rather just to point me in the right direction so I know I'm on the right track. Thanks!

This is my first foray into securing some of our local scripts. For an overview, we have a lot of scripts that are stored on an FTP server with user names and passwords hardcoded within. Each script finds a specific type of file, connects to an external server, and pushes the file. The major issue I have is that all of the source files with identifying information, and all connection information are stored in flat text files on the server. I just want to add a layer of protection to our connection data while still allowing us to use automated scripting.

The first thing I want to tackle is taking the server, user name, and password and put them into a database as encrypted values. I would need to be able to decrypt these values automatically when used to connect via java. We use PGP command line 9.1 for manual file en/decryption and Oracle 10gR2 as our infrastructure.

I'm sure this kind of thing is used all the time but I'm not keen to the terminology of encryption yet so I haven't had very good luck searching. My searches have all required some sort of password or file to be submitted for performing the encryption or decryption, but I assume that would leave the entire process and all data open to attack if that one password was retrieved. Your help or suggestions are appreciated!

High level program
Start application and pass connection keys for lookup in database
Use connection keys to retrieve url, user, and password from database
Decrypt values for connection
Connect to remote server

Edited by: tdandrea on Mar 12, 2010 9:53 AM