We have a similar feature in Apache Geronimo for our config.xml and
deployment plans. The only downside of adding this to OpenJPA, is we
would then have to follow the ASF Cryptography release guidelines at -
http://www.apache.org/dev/crypto.html
since we would be using encryption/decryption (even if provided by the
JVM). Not a biggie, but adds a few steps to the release process...
-Donald
Kevin Sutter wrote:
Hi Yu Wang,
Or, you could develop an answer for OpenJPA and contribute it back to the
project... :-) Providing an encryption capability for persistence.xml
password values would be a nice feature. But, this would probably only
apply to our openjpa.* properties...
In your particular case where you are passing in all of the parameters to
dbcp, I don't see how OpenJPA could help in this case. The URL is just
passed through to dbcp, so any decryption of a password field would need to
be provided by dbcp.
I did a quick search on this topic and found a few hits related to
encrypting passwords used for dbcp. One link [1] indicated that using
Tomcat 6.0 makes this a bit easier, but there were other instructions on
extending the BasicDataSource. This link was specific to Tomcat's
server.xml, but the idea could probably be extended to the persistence.xml.
Let us know what you come up with.
Thanks,
Kevin
[1]
http://stackoverflow.com/questions/129160/how-to-avoid-storing-passwords-in-the-clear-for-tomcats-server-xml-resource-defi
On Fri, May 15, 2009 at 2:33 AM, wang yu <wangy...@gmail.com> wrote:
Hi Kevin,
Thank you. You had real good solutions but unfortunately neither of
them is feasible for our project.
We use Apache dbcp datasource to leverage DB connection pool and
tomcat 5.5 as app server.
Following is a fragment of our persistence.xml:
<property name="openjpa.ConnectionDriverName"
value="org.apache.commons.dbcp.BasicDataSource" />
<property name="openjpa.ConnectionProperties"
value="driverClassName=org.apache.derby.jdbc.ClientDriver,
url=jdbc:derby://localhost:1527/TSAM;create=true, username=app,
password=app, maxActive=30, maxWait=10000,
poolPreparedStatements=true" />
How to encrypt password under this situation? Or should I adopt
alternative connection pool implementation to make password encryption
easier?
if no better solution, I guess I only have two choices
1. Give up apache dbcp.
2. Modify source code of apache dbcp.
Regards,
Yu Wang
On Thu, May 14, 2009 at 10:54 PM, Kevin Sutter <kwsut...@gmail.com> wrote:
Hi,
JPA does not define this functionality. You could pass in the password
via
the application instead of hard-coding it in a persistence.xml. Or, if
you
are in an app server environment, you should use a jndi lookup of a
datasource. This would be the most secure.
Kevin
On Tue, May 12, 2009 at 4:31 AM, wang yu <wangy...@gmail.com> wrote:
As title.
Regards,
Yu Wang
