If you are running under a J2EE App server you can use JNDI to get these
credentials from your application server context manager. I have had to do
this for WebSphere and Tomcat deployments. Probably a bit easier than
changing Java code.

Are you running under the Jetty server?

There is documentation about how to do this but if you need some advice do
give a shout.

On 20/02/2008, Stu Baurmann <[EMAIL PROTECTED]> wrote:
>
>
> Howdy folks,
>
> We are currently using Cocoon 2.1.10, and we have numerous cocoon
> installations that use JDBC.
> We love the convenience of embedding a block like this into our
> cocoon.xconf
> to set up a connection:
>
>         <jdbc name="sqlConn">
>                 <dburl>jdbc:mysql://localhost:3306/dbname</dburl>
>                 <user>dbuser</user>
>                 <password>dbpass</password>
>         </jdbc>
>
> BUT, using this approach means our SQL login information is stored
> unencrypted in a text file on the server.
> Of course, if we move the user/password to some encrypted storage
> location,
> we are still going to
> have to make a decryption key available to the software, but we might be
> able to hide that key somewhat
> better than this block.  (Place it in a compiled java class, for example.
> If you have a better idea,
> I'd love to hear it).
>
> Has anyone else tried to create a SecurelyConfiguredDatasource, or have
> some
> suggestions on how
> I could most easily build one?
>
> I'm guessing the implementation might have to change a lot for Cocoon 2.2,
> so perhaps I'm better off
> waiting and solving the problem against that codeline?
>
> Stu
>
> --
> View this message in context:
> http://www.nabble.com/Securing-JDBC-credentials-that-are-stored-in-cocoon.xconf-tp15600542p15600542.html
> Sent from the Cocoon - Users mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>

Reply via email to