Thanks for the insights, Donald. And, thanks for posting this info to the JIRA Issue (openjpa-1089) as well.
Kevin

On Fri, May 15, 2009 at 10:25 AM, Donald Woods <dwo...@apache.org> wrote:

> We have a similar feature in Apache Geronimo for our config.xml and
> deployment plans. The only downside of adding this to OpenJPA, is we would
> then have to follow the ASF Cryptography release guidelines at -
> http://www.apache.org/dev/crypto.html
> since we would be using encryption/decryption (even if provided by the
> JVM). Not a biggie, but adds a few steps to the release process...
>
> -Donald
>
> Kevin Sutter wrote:
>
>> Hi Yu Wang,
>> Or, you could develop an answer for OpenJPA and contribute it back to the
>> project... :-) Providing an encryption capability for persistence.xml
>> password values would be a nice feature. But, this would probably only
>> apply to our openjpa.* properties...
>>
>> In your particular case where you are passing in all of the parameters to
>> dbcp, I don't see how OpenJPA could help in this case. The URL is just
>> passed through to dbcp, so any decryption of a password field would need
>> to be provided by dbcp.
>>
>> I did a quick search on this topic and found a few hits related to
>> encrypting passwords used for dbcp. One link [1] indicated that using
>> Tomcat 6.0 makes this a bit easier, but there were other instructions on
>> extending the BasicDataSource. This link was specific to Tomcat's
>> server.xml, but the idea could probably be extended to the
>> persistence.xml.
>>
>> Let us know what you come up with.
>>
>> Thanks,
>> Kevin
>>
>> [1]
>> http://stackoverflow.com/questions/129160/how-to-avoid-storing-passwords-in-the-clear-for-tomcats-server-xml-resource-defi
>>
>> On Fri, May 15, 2009 at 2:33 AM, wang yu <wangy...@gmail.com> wrote:
>>
>>> Hi Kevin,
>>> Thank you. You had real good solutions but unfortunately neither of
>>> them is feasible for our project.
>>> We use Apache dbcp datasource to leverage DB connection pool and
>>> tomcat 5.5 as app server.
>>> Following is a fragment of our persistence.xml:
>>>
>>>   <property name="openjpa.ConnectionDriverName"
>>>       value="org.apache.commons.dbcp.BasicDataSource" />
>>>
>>>   <property name="openjpa.ConnectionProperties"
>>>       value="driverClassName=org.apache.derby.jdbc.ClientDriver,
>>>           url=jdbc:derby://localhost:1527/TSAM;create=true, username=app,
>>>           password=app, maxActive=30, maxWait=10000,
>>>           poolPreparedStatements=true" />
>>>
>>> How to encrypt password under this situation? Or should I adopt
>>> alternative connection pool implementation to make password encryption
>>> easier?
>>>
>>> If no better solution, I guess I only have two choices
>>> 1. Give up apache dbcp.
>>> 2. Modify source code of apache dbcp.
>>>
>>> Regards,
>>> Yu Wang
>>>
>>> On Thu, May 14, 2009 at 10:54 PM, Kevin Sutter <kwsut...@gmail.com>
>>> wrote:
>>>
>>>> Hi,
>>>> JPA does not define this functionality. You could pass in the password
>>>> via the application instead of hard-coding it in a persistence.xml. Or,
>>>> if you are in an app server environment, you should use a jndi lookup
>>>> of a datasource. This would be the most secure.
>>>>
>>>> Kevin
>>>>
>>>> On Tue, May 12, 2009 at 4:31 AM, wang yu <wangy...@gmail.com> wrote:
>>>>
>>>>> As title.
>>>>>
>>>>> Regards,
>>>>> Yu Wang
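
Added example, not part of the original thread and not dbcp or OpenJPA code: a sketch of the "extend BasicDataSource" approach mentioned above, where a subclass decrypts the password before handing it to dbcp. The class name DecryptingDataSource, the "ENC:" prefix, the DB_PW_KEY environment variable and the iv-plus-ciphertext layout are assumptions made for illustration, as is the expectation that the subclass is named in openjpa.ConnectionDriverName and receives password= through its setter; it needs commons-dbcp 1.x on the classpath and Java 8 or later.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.dbcp.BasicDataSource;

// Hypothetical subclass (not dbcp or OpenJPA code). Accepts a password of the
// form "ENC:" + unpadded URL-safe base64(iv || AES-GCM ciphertext), which has
// no '=' or ',' to collide with the key=value, comma-separated property list.
public class DecryptingDataSource extends BasicDataSource {
    static final String PREFIX = "ENC:";        // assumed marker for encrypted values
    static final String KEY_ENV = "DB_PW_KEY";  // assumed env var holding a base64 AES key
    static final int IV_LEN = 12, TAG_BITS = 128;

    @Override
    public void setPassword(String password) {
        // Clear-text values pass through unchanged so existing configs keep working.
        boolean enc = password != null && password.startsWith(PREFIX);
        super.setPassword(enc ? decrypt(password.substring(PREFIX.length())) : password);
    }

    static String decrypt(String b64) {
        String key = System.getenv(KEY_ENV);
        if (key == null) {
            throw new IllegalStateException(KEY_ENV + " is not set");
        }
        try {
            byte[] blob = Base64.getUrlDecoder().decode(b64);
            if (blob.length <= IV_LEN) {
                throw new IllegalArgumentException("encrypted value too short");
            }
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            // The first IV_LEN bytes of the blob are the nonce; the rest is ciphertext + tag.
            c.init(Cipher.DECRYPT_MODE,
                   new SecretKeySpec(Base64.getDecoder().decode(key), "AES"),
                   new GCMParameterSpec(TAG_BITS, blob, 0, IV_LEN));
            byte[] clear = c.doFinal(blob, IV_LEN, blob.length - IV_LEN);
            return new String(clear, StandardCharsets.UTF_8);
        } catch (GeneralSecurityException e) {
            // Fail closed on a wrong key or tampered value: never fall back to
            // sending the encrypted string to the database as the password.
            throw new IllegalStateException("cannot decrypt datasource password", e);
        }
    }
}
```

This only helps if the key is kept somewhere other than persistence.xml and its deployment archive; with the key stored beside the ciphertext it is obfuscation, and the JNDI datasource lookup suggested earlier in the thread avoids putting the credential in the application at all.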