(Hope you don't mind me jumping in here.) Perhaps the quickest solution is just to make the {db}-ds.xml file read-only for the JBoss account and not accessible for anyone else. (This should be common practice for any file containing passwords, regardless of the application.) Further, JBoss should be running using its very own (locked) account.
The trouble I see with going to all the effort of encrypting a password in the {db}-ds.xml file and then decrypting it elsewhere, is that now you've transferred the problem to how you control that encryption key. You'll likely be needing to use symmetric encryption with a shared key - assuming you need to recover the cleartext password for the driver. So now that encryption key needs to be stored somewhere... Hardcoding the key is a bad practice for several reasons. Maybe there's a way to use PKE here....but I have to ask: does the driver send the password across the wire in cleartext to the database?

r,
Lance

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3856140#3856140
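One way to check the file-permission advice in the post above, as an added example that is not part of the original message: the script flags any `*-ds.xml` file that is not owned by the service account, is accessible by group or other, or is writable by its owner. The function names, the deploy directory and the account name are assumptions supplied by the caller, and GNU `stat` (Linux) is assumed.

```shell
#!/bin/sh
# Added example: audit JBoss *-ds.xml files for the permissions advised above.
# Assumptions: GNU stat (Linux); directory and account name come from the caller.

# check_ds_file FILE ACCOUNT: print one line per finding, return 1 if any.
check_ds_file() {
    file=$1 want=$2 bad=0
    info=$(stat -c '%a %U' -- "$file") || return 2   # octal mode, owner name
    mode=${info%% *}
    f_owner=${info#* }
    perm=$((0$mode))                                  # parse the mode as octal
    if [ "$f_owner" != "$want" ]; then
        echo "$file: owner is $f_owner, expected $want"; bad=1
    fi
    if [ $((perm & 077)) -ne 0 ]; then
        echo "$file: accessible by group or other (mode $mode)"; bad=1
    fi
    if [ $((perm & 0200)) -ne 0 ]; then
        echo "$file: writable by owner (mode $mode)"; bad=1
    fi
    return "$bad"
}

# audit_ds_dir DIR ACCOUNT: check every DIR/*-ds.xml (not recursive).
# Returns 1 if at least one file has a finding, 0 otherwise.
audit_ds_dir() {
    dir=$1 acct=$2 failed=0
    for f in "$dir"/*-ds.xml; do
        [ -f "$f" ] || continue                       # glob matched nothing
        check_ds_file "$f" "$acct" || failed=1
    done
    return "$failed"
}

# Stand-alone use: sh audit-ds.sh DEPLOY_DIR ACCOUNT (both are placeholders).
if [ "$#" -eq 2 ]; then
    audit_ds_dir "$1" "$2"
fi
```

A file that passes has mode 400 and is owned by the account JBoss runs as.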