Re: [JBoss-user] how to encode database password in descriptor file mysql-ds.xml

Brad Balmer Fri, 30 Jan 2004 10:08:53 -0800

What I've seen another application do (WebSphere) is when it reads in the file, if the password is cleartext, it will use it's own encryption algorithm to encrypt the password and then save the new password in the file, so when the user opens the file back up, the password is now stored as encrypted. If the password is encrypted, it proceeds as normal.

Therefore, you can't ever unencrypt the password and if you want/need to change the password you just change it in the file and the server will encrypt it for you.

The main idea is that the application server does all the encryption for the user.

Scott M Stark wrote:

How do you want the password used to encrypt this password to be stored/used?

xxxxxxxxxxxxxxxxxxxxxxxx Scott Stark Chief Technology Officer JBoss Group, LLC xxxxxxxxxxxxxxxxxxxxxxxx

________________________________
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mark Wang
Sent: Tuesday, January 27, 2004 4:39 PM
To: [EMAIL PROTECTED]
Subject: [JBoss-user] how to encode database password in descriptor file
mysql-ds.xml
Dear JBOSS Experts:

I am using JBOSS 3.2.3 and MySql 4.0.16. Under the directory:

$JBOSS_HOME/server/default/deploy, there is a file "mysql-ds.xml":

The file has something like the following:

......................................................

<datasources> <local-tx-datasource> <jndi-name>MySqlDS</jndi-name> <connection-url>jdbc:mysql://localhost:3306/authority</connection-url> <driver-class>org.gjt.mm.mysql.Driver</driver-class> <user-name>test</user-name> <password>test123</password> </local-tx-datasource>

</datasources>

..................................................................

Since the database user-name("test") and password("test123") are plain texts, these are big security flaws. Anybody who can read this

file can use this user-name and password to do anything with the database.

How can we encode the password so that even people can read this file, but can't get the original password?

Could somebody provide a sample configuration file "mysql-ds.xml" and related files?

Thanks a million,

Mark

------------------------------------------------------- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user


-------------------------------------------------------
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user

Re: [JBoss-user] how to encode database password in descriptor file mysql-ds.xml

Reply via email to