How do you want the password used to encrypt this password to be stored/used?
xxxxxxxxxxxxxxxxxxxxxxxx Scott Stark Chief Technology Officer JBoss Group, LLC xxxxxxxxxxxxxxxxxxxxxxxx ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark Wang Sent: Tuesday, January 27, 2004 4:39 PM To: [EMAIL PROTECTED] Subject: [JBoss-user] how to encode database password in descriptor file mysql-ds.xml Dear JBOSS Experts: I am using JBOSS 3.2.3 and MySql 4.0.16. Under the directory: $JBOSS_HOME/server/default/deploy, there is a file "mysql-ds.xml": The file has something like the following: ...................................................... <datasources> <local-tx-datasource> <jndi-name>MySqlDS</jndi-name> <connection-url>jdbc:mysql://localhost:3306/authority</connection-url> <driver-class>org.gjt.mm.mysql.Driver</driver-class> <user-name>test</user-name> <password>test123</password> </local-tx-datasource> </datasources> .................................................................. Since the database user-name("test") and password("test123") are plain texts, these are big security flaws. Anybody who can read this file can use this user-name and password to do anything with the database. How can we encode the password so that even people can read this file, but can't get the original password? Could somebody provide a sample configuration file "mysql-ds.xml" and related files? Thanks a million, Mark ------------------------------------------------------- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
