[
https://issues.apache.org/jira/browse/OPENJPA-1089?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Rick Curtis updated OPENJPA-1089:
---------------------------------
Attachment: OPENJPA-1089-2.patch
Pinaki -- I'll be glad to commit the patch as soon as I'm a committer :-)
Donald - Do you think we need to be more explicit in stating what are valid
characters for encrypted passwords? Will the requirement that an encrypted
password must be a string be strict enough?
OPENJPA-1089-2.patch includes a minor update to the javadoc on the
EncryptionProvider interface and it also includes new docs.
> Provide for password encryption within persistence.xml
> ------------------------------------------------------
>
> Key: OPENJPA-1089
> URL: https://issues.apache.org/jira/browse/OPENJPA-1089
> Project: OpenJPA
> Issue Type: New Feature
> Components: jpa
> Affects Versions: 1.3.0, 2.0.0-M2
> Reporter: Kevin Sutter
> Assignee: Donald Woods
> Fix For: 2.0.0
>
> Attachments: OPENJPA-1089-2.patch, OPENJPA-1089.PATCH
>
>
> A recent discussion on our users forum [1] has surfaced (again) the need to
> encrypt the password fields in the persistence.xml. In the particular
> scenario outlined in the posting, this user wanted to encrypt the password
> sent into Apache DBCP via the url string. In my mind, that's a separate
> problem related to DBCP.
> But, OpenJPA has openjpa.Connection*Password properties that could be
> encrypted. And, the new JPA 2 spec outlines a
> javax.persistence.jdbc.password property that would be nice to encrypt.
> I'm opening this Issue as a Feature request, but it could also be considered
> a bug since a non-jndi environment is crippled from a security standpoint.
> [1]
> http://n2.nabble.com/How-to-encrypt-DB-password-in-persistence.xml-td2868212.html
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
