Hi Peter and Peter :-)))
Thanks for your response.
Another problem is the user/password cannot be determined when the
application in its building state. New database users will be added after
the application is constructed. The application must have the ability to use
the newly added user account to access the database.
smartkid
----- Original Message -----
From: "Peter Kasson" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, November 07, 2002 8:01 AM
Subject: Re: [castor-dev] [JDO] How to set the user/password for Oracle thin
driver through code but not in a configuration xml?
> Peter,
>
> You could create a security class with userid and password, then serialize
> it. It is not totally readable in that mode, but if it is needed to be
more
> secure, just encrypt it and then serialize it using Java's encryption
> extensions.
>
> The security of this type of item would not be typically a part of an
> architecture, rather of an organization. If one can not lock down
> directories or file systems with proper security, then there really is
truly
> no total security anway ;(
>
> MySQL, SQL Server and Oracle do store their passwords and the like in the
> database and encrypt them as well. Thus, there is the security of clear
> text passwords. Of course you have a catch-22 there don't cha !
>
> HTH, BPD
>
> Peter
>
>
>
>
>
>
> >From: peter anthony cowan <[EMAIL PROTECTED]>
> >Reply-To: [EMAIL PROTECTED]
> >To: [EMAIL PROTECTED]
> >Subject: Re: [castor-dev] [JDO] How to set the user/password for Oracle
> >thin driver through code but not in a configuration xml?
> >Date: Wed, 06 Nov 2002 12:01:31 -0800
> >
> >I would love to hear an answer to this question that applies not just to
> >oracle,
> >but to postgres, mysql, etc. It's just not secure to store passwords in a
> >config
> >file.
> >
> >If this is not possible, I would gladly take pointers as to where and how
> >the
> >code needs to be updated to implement this functionality for everyone (if
> >it is
> >within my ability, of course).
> >
> >-peter
> >
> >smartkid wrote:
> >
> > > Stores the user/password in the JDO configuration file causes security
> > > problems, and besides, my application must allow each user have their
> >own
> > > database account so I can not connect to the database through a common
> >user.
> > >
> > > Any ideas?
> > >
> > > -----------------------------------------------------------
> > > If you wish to unsubscribe from this mailing, send mail to
> > > [EMAIL PROTECTED] with a subject of:
> > > unsubscribe castor-dev
> >
> >-----------------------------------------------------------
> >If you wish to unsubscribe from this mailing, send mail to
> >[EMAIL PROTECTED] with a subject of:
> > unsubscribe castor-dev
>
>
> _________________________________________________________________
> MSN 8 with e-mail virus protection service: 2 months FREE*
> http://join.msn.com/?page=features/virus
>
> -----------------------------------------------------------
> If you wish to unsubscribe from this mailing, send mail to
> [EMAIL PROTECTED] with a subject of:
> unsubscribe castor-dev
>
>
>
-----------------------------------------------------------
If you wish to unsubscribe from this mailing, send mail to
[EMAIL PROTECTED] with a subject of:
unsubscribe castor-dev
