Kevin, Thanks for your patient answer. I'll try to resolve it in dbcp community.
Cheers, Yu Wang On Mon, May 18, 2009 at 9:03 PM, Kevin Sutter <kwsut...@gmail.com> wrote: > Hi Yu Wang, > My apologies, but I'm not an expert with DBCP. I just thought I would do a > quick Google search to see what's out there and I found a few hits, one of > which I posted to my previous reply. Since you seem to be interested in > encrypting the password being sent in to DBCP, you will probably need to do > something specific with the DBCP implementation either by modifying it > directly (like you mentioned in one of your replies) or maybe by extending > the BasicDataSource (my reference). I don't have any direct experience with > either approach. You might want to try posting your question to the DBCP > group [1]. > > Please keep us informed of your progress. Thanks. > > Kevin > > [1] http://commons.apache.org/dbcp/ > > On Mon, May 18, 2009 at 2:47 AM, wang yu <wangy...@gmail.com> wrote: > >> Hi Kevin, >> Thanks. >> The link you gave indicate how to extend BasicDataSourceFactory. But I >> guess this approach isn't feasible for OpenJPA. >> I need to extend BasicDataSource directly, right? >> And you mentioned "there were other instructions on extending the >> BasicDataSource". Can you make it clearer?I found extending >> BasicDataSource isn't very straightforward. >> >> Regards, >> Yu Wang >> >> On Fri, May 15, 2009 at 9:56 PM, Kevin Sutter <kwsut...@gmail.com> wrote: >> > Hi Yu Wang, >> > Or, you could develop an answer for OpenJPA and contribute it back to the >> > project... :-) Providing an encryption capability for persistence.xml >> > password values would be a nice feature. But, this would probably only >> > apply to our openjpa.* properties... >> > >> > In your particular case where you are passing in all of the parameters to >> > dbcp, I don't see how OpenJPA could help in this case. The URL is just >> > passed through to dbcp, so any decryption of a password field would need >> to >> > be provided by dbcp. >> > >> > I did a quick search on this topic and found a few hits related to >> > encrypting passwords used for dbcp. One link [1] indicated that using >> > Tomcat 6.0 makes this a bit easier, but there were other instructions on >> > extending the BasicDataSource. This link was specific to Tomcat's >> > server.xml, but the idea could probably be extended to the >> persistence.xml. >> > >> > Let us know what you come up with. >> > >> > Thanks, >> > Kevin >> > >> > [1] >> > >> http://stackoverflow.com/questions/129160/how-to-avoid-storing-passwords-in-the-clear-for-tomcats-server-xml-resource-defi >> > >> > >> > >> > On Fri, May 15, 2009 at 2:33 AM, wang yu <wangy...@gmail.com> wrote: >> > >> >> Hi Kevin, >> >> Thank you. You had real good solutions but unfortunately neither of >> >> them is feasible for our project. >> >> We use Apache dbcp datasource to leverage DB connection pool and >> >> tomcat 5.5 as app server. >> >> Following is a fragment of our persistence.xml: >> >> <property name="openjpa.ConnectionDriverName" >> >> value="org.apache.commons.dbcp.BasicDataSource" /> >> >> >> >> <property name="openjpa.ConnectionProperties" >> >> >> >> value="driverClassName=org.apache.derby.jdbc.ClientDriver, >> >> url=jdbc:derby://localhost:1527/TSAM;create=true, username=app, >> >> password=app, maxActive=30, maxWait=10000, >> >> poolPreparedStatements=true" /> >> >> >> >> How to encrypt password under this situation? Or should I adopt >> >> alternative connection pool implementation to make password encryption >> >> easier? >> >> >> >> if no better solution, I guess I only have two choices >> >> 1. Give up apache dbcp. >> >> 2. Modify source code of apache dbcp. >> >> >> >> Regards, >> >> Yu Wang >> >> >> >> >> >> >> >> >> >> On Thu, May 14, 2009 at 10:54 PM, Kevin Sutter <kwsut...@gmail.com> >> wrote: >> >> > Hi, >> >> > JPA does not define this functionality. You could pass in the >> password >> >> via >> >> > the application instead of hard-coding it in a persistence.xml. Or, >> if >> >> you >> >> > are in an app server environment, you should use a jndi lookup of a >> >> > datasource. This would be the most secure. >> >> > >> >> > Kevin >> >> > >> >> > On Tue, May 12, 2009 at 4:31 AM, wang yu <wangy...@gmail.com> wrote: >> >> > >> >> >> As title. >> >> >> >> >> >> Regards, >> >> >> Yu Wang >> >> >> >> >> > >> >> >> > >> >