You can always store a secure hash of the password in the config file provided that it can be used in the hashed form. If a context needs to see the clear text form of the password then you would have to store an encrypted form of the password and decrypt it by providing a wrapper of the mbean needing the password to handle this.
xxxxxxxxxxxxxxxxxxxxxxxx Scott Stark Chief Technology Officer JBoss Group, LLC xxxxxxxxxxxxxxxxxxxxxxxx ----- Original Message ----- From: "David Jencks" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, November 22, 2002 6:10 AM Subject: Re: [JBoss-user] Encryption of configuration files > In all jboss 3 and later versions, you can supply the db login credentials > from a jaas login module. This can obtain the credentials from anywhere > you can think of. > > I'm not a security expert, but I've always wondered how to make such a > scheme actually secure, since the ways I've thought up involve some initial > key info being available to both the decryption system and whoever can get > to the jboss config files. > > david jencks > > On 2002.11.22 03:47:23 -0500 [EMAIL PROTECTED] wrote: > > > > > > Hi, > > > > I have an issue regarding the configuration files (specially jboss.jcml) > > used > > with JBoss 2.4.6. The problem is configuration of the pools to the > > databases, > > where the usernames and passwords are written in human readable text. Our > > customers are not particularly happy about this. > > > > Do any of the JBoss versions support encryption of these mission critical > > data ? > > > > Med venlig hilsen / regards > > > > Kris Kristensen > > System developer > > Business Communications Systems > > OM > > > > E-mail: [EMAIL PROTECTED] > > Direct : +4543559562 > > Fax: +4543559501 > > Phone: +4543559500 > > > > Visiting address: Struergade 16 ,DK-2630 Taastrup,Denmark > > http://www.omgroup.dk > > > > > > > > > > ------------------------------------------------------- > > This sf.net email is sponsored by:ThinkGeek > > Welcome to geek heaven. > > http://thinkgeek.com/sf > > _______________________________________________ > > JBoss-user mailing list > > [EMAIL PROTECTED] > > https://lists.sourceforge.net/lists/listinfo/jboss-user > > > > > > > ------------------------------------------------------- > This sf.net email is sponsored by:ThinkGeek > Welcome to geek heaven. > http://thinkgeek.com/sf > _______________________________________________ > JBoss-user mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/jboss-user > ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
