application.properties

spring.mvc.view.prefix:/WEB-INF/jsp/
spring.mvc.view.suffix:.jsp
# DataSource settings: set here your own configurations for the database 
# connection. In this example we have "netgloo_blog" as database name and 
# "root" as username and password.

spring.datasource.url = jdbc:mysql://to_be_replaced/tobereplaced

spring.datasource.username = userdb
spring.datasource.password = admindentist

# Keep the connection alive if idle for a long time (needed in production)
spring.datasource.testWhileIdle = true
spring.datasource.validationQuery = SELECT 1

# Show or not log for each sql query
spring.jpa.show-sql = true

# Hibernate ddl auto (create, create-drop, update)
spring.jpa.hibernate.ddl-auto = update

#other
server.servlet.session.cookie.secure= false
logging.level.org.springframework.web=DEBUG

# Naming strategy
spring.jpa.hibernate.naming-strategy = org.hibernate.cfg.ImprovedNamingStrategy

# Use spring.jpa.properties.* for Hibernate native properties (the prefix is
# stripped before adding them to the entity manager)

# The SQL dialect makes Hibernate generate better SQL for the chosen database
spring.jpa.properties.hibernate.dialect = org.hibernate.dialect.MySQL5Dialect

# the sql injection configuration

security.SQLI = false

#Sec Cookie usage
security.use-cookie = Base64

#Sec Cookie Param
security.cook-param = True

#Sec SessFix
security.sess-fix = No

# Turn Reset-all-password-of-database on or off
security.reset-password= True


#Sec XSS protection
security.xss-protection=No

# 3 types to store password in db
# Clear: Clear text
# Hashed: use SHA256
# SaltHashed: use SHA256 with Salt string
# PBKDF2
security.pwd-storage= Hashed
#key recapchart for prevent brute force username and password
google.recaptcha.key-site=6LfcKGcUAAAAAGeQnwfHGMakB4Eka9NfmftZ4UVs
google.recaptcha.key-secret=6LfcKGcUAAAAAKKvM8axm7rVkLV3lrZAg294FKTK
google.recaptcha.u-r-i=https://www.google.com/recaptcha/api/siteverify

security.pwbruteforce=False
security.csrfProtection=SameSite