Storing a private key in a Java .class file does add a useful level of security.

1) Customers perceive this as valuable. They aren't geeks, so they don't get it, but they still buy your product or not. And if your competitor obscures the DB password and you don't, then that's one more reason to buy from the competitor.

2) A private key embedded in a .class will keep out some less sophisticated crackers. And that adds value. Think about why you lock the door to your house. You know that won't keep anyone out. They can freeze the lock, pick it, break a window. A key door lock isn't real security. But you do it anyway, because it does add some value (keeping out unsophisticated thieves).

JD
-----Original Message-----
From: Rupp, Heiko [mailto:[EMAIL PROTECTED]
Sent: Friday, January 30, 2004 10:22 AM
To: [EMAIL PROTECTED]
Subject: Re: [JBoss-user] how to encode database password in descriptor file mysql-ds.xml

<...>
And now .. when the server encrypts the password it either does some trivial thing (like rot13 encoding) or it uses a real (possibly symmetrical) encryption algorithm. In the latter case, it uses a key to help encryption. This key is stored somewhere in the server, where at the end everyone can read it and use it with the said encryption algorithm. The key/password is only secured by obscurity.

Heiko
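
The trade-off discussed in both messages, as an added example that is not part of either message and is not JBoss code: a password encrypted with AES-GCM under a key compiled into a .class file is reversible by anyone who can read that class, however strong the cipher. The class name, key and password are constructed for illustration, and the `encode`/`decode` helpers are hypothetical.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

public class EmbeddedKeyDemo {
    // Constructed 16-byte key. As a constant it is compiled into the .class
    // file, so whoever can read the server's classes can read the key.
    static final byte[] KEY = "constructed-key!".getBytes(StandardCharsets.US_ASCII);

    // Hypothetical helper: produce the value that would go into the descriptor.
    static String encode(String password) throws Exception {
        byte[] iv = new byte[12];                       // fresh nonce per value
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(KEY, "AES"),
               new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(password.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);   // iv || ciphertext
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return Base64.getEncoder().encodeToString(out);
    }

    // The server has to reverse the encoding at startup to open the
    // connection; the same call works for any other holder of KEY.
    static String decode(String encoded) throws Exception {
        byte[] in = Base64.getDecoder().decode(encoded);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(KEY, "AES"),
               new GCMParameterSpec(128, in, 0, 12));
        return new String(c.doFinal(in, 12, in.length - 12), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        String stored = encode("constructed-db-password");
        System.out.println("value in descriptor:   " + stored);
        System.out.println("recovered with the key: " + decode(stored));
    }
}
```

The protection therefore rests on the file permissions of the class or jar that holds the key, not on the algorithm, which is the boundary to review when deciding who can read the server installation.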
Title: Re: [JBoss-user] how to encode database password in descriptor file mysql-ds.xml