Hi Kevin,
Thank you. You had real good solutions but unfortunately neither of
them is feasible for our project.
We use Apache dbcp datasource to leverage DB connection pool and
tomcat 5.5 as app server.
Following is a fragment of our persistence.xml:
                        <property name="openjpa.ConnectionDriverName"
value="org.apache.commons.dbcp.BasicDataSource" />
                                                
                        <property name="openjpa.ConnectionProperties"
                                
value="driverClassName=org.apache.derby.jdbc.ClientDriver,
url=jdbc:derby://localhost:1527/TSAM;create=true, username=app,
password=app, maxActive=30, maxWait=10000,
poolPreparedStatements=true" />

How to encrypt password under  this situation? Or should I adopt
alternative connection pool implementation to make password encryption
easier?

if no better solution, I guess I only have two choices
1. Give up apache dbcp.
2. Modify source code of apache dbcp.

Regards,
Yu Wang




On Thu, May 14, 2009 at 10:54 PM, Kevin Sutter <kwsut...@gmail.com> wrote:
> Hi,
> JPA does not define this functionality.  You could pass in the password via
> the application instead of hard-coding it in a persistence.xml.  Or, if you
> are in an app server environment, you should use a jndi lookup of a
> datasource.  This would be the most secure.
>
> Kevin
>
> On Tue, May 12, 2009 at 4:31 AM, wang yu <wangy...@gmail.com> wrote:
>
>> As title.
>>
>> Regards,
>> Yu Wang
>>
>

Reply via email to