Re: [castor-dev] [JDO] How to set the user/password for Oracle thin driverthrough code but not in a configuration xml?

Wed, 06 Nov 2002 16:05:55 -0800

Peter,

You could create a security class with userid and password, then serialize it. It is not totally readable in that mode, but if it is needed to be more secure, just encrypt it and then serialize it using Java's encryption extensions.

The security of this type of item would not be typically a part of an architecture, rather of an organization. If one can not lock down directories or file systems with proper security, then there really is truly no total security anway ;(

MySQL, SQL Server and Oracle do store their passwords and the like in the database and encrypt them as well. Thus, there is the security of clear text passwords. Of course you have a catch-22 there don't cha !

HTH, BPD

Peter






From: peter anthony cowan <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [castor-dev] [JDO] How to set the user/password for Oracle thin driver through code but not in a configuration xml?
Date: Wed, 06 Nov 2002 12:01:31 -0800

I would love to hear an answer to this question that applies not just to oracle,
but to postgres, mysql, etc. It's just not secure to store passwords in a config
file.

If this is not possible, I would gladly take pointers as to where and how the
code needs to be updated to implement this functionality for everyone (if it is
within my ability, of course).

-peter

smartkid wrote:

> Stores the user/password in the JDO configuration file causes security
> problems, and besides, my application must allow each user have their own
> database account so I can not connect to the database through a common user.
>
> Any ideas?
>
> -----------------------------------------------------------
> If you wish to unsubscribe from this mailing, send mail to
> [EMAIL PROTECTED] with a subject of:
> unsubscribe castor-dev

-----------------------------------------------------------
If you wish to unsubscribe from this mailing, send mail to
[EMAIL PROTECTED] with a subject of:
unsubscribe castor-dev

_________________________________________________________________
MSN 8 with e-mail virus protection service: 2 months FREE* http://join.msn.com/?page=features/virus

----------------------------------------------------------- If you wish to unsubscribe from this mailing, send mail to
[EMAIL PROTECTED] with a subject of:
unsubscribe castor-dev

Reply via email to