Hi Kevin, Thank you. You had real good solutions but unfortunately neither of them is feasible for our project. We use Apache dbcp datasource to leverage DB connection pool and tomcat 5.5 as app server. Following is a fragment of our persistence.xml: <property name="openjpa.ConnectionDriverName" value="org.apache.commons.dbcp.BasicDataSource" /> <property name="openjpa.ConnectionProperties" value="driverClassName=org.apache.derby.jdbc.ClientDriver, url=jdbc:derby://localhost:1527/TSAM;create=true, username=app, password=app, maxActive=30, maxWait=10000, poolPreparedStatements=true" />
How to encrypt password under this situation? Or should I adopt alternative connection pool implementation to make password encryption easier? if no better solution, I guess I only have two choices 1. Give up apache dbcp. 2. Modify source code of apache dbcp. Regards, Yu Wang On Thu, May 14, 2009 at 10:54 PM, Kevin Sutter <kwsut...@gmail.com> wrote: > Hi, > JPA does not define this functionality. You could pass in the password via > the application instead of hard-coding it in a persistence.xml. Or, if you > are in an app server environment, you should use a jndi lookup of a > datasource. This would be the most secure. > > Kevin > > On Tue, May 12, 2009 at 4:31 AM, wang yu <wangy...@gmail.com> wrote: > >> As title. >> >> Regards, >> Yu Wang >> >