Peter, thanks much for your suggestion. I don't completely follow, though.

1. Is this 'security class' nothing more than a serialized, possibly encrypted, bean with a userid and password field? If not, what else does it entail?
2. How do I get from having this security class deserialized, and loaded into memory, to setting the configuration for Castor's JDO with it?

Yeah, I'm familiar with the catch-22ish nature of these security issues. Fortunately, the people I'm working for have very specific security standards, and in this case it is just 'no plain text passwords in a config file to be used by the app server'.

thanks,
-peter

Peter Kasson wrote:

> Peter,
>
> You could create a security class with userid and password, then serialize
> it. It is not totally readable in that mode, but if it is needed to be more
> secure, just encrypt it and then serialize it using Java's encryption
> extensions.
>
> The security of this type of item would not be typically a part of an
> architecture, rather of an organization. If one can not lock down
> directories or file systems with proper security, then there really is truly
> no total security anyway ;(
>
> MySQL, SQL Server and Oracle do store their passwords and the like in the
> database and encrypt them as well. Thus, there is the security of clear
> text passwords. Of course you have a catch-22 there don't cha !
>
> HTH, BPD
>
> Peter
>
> >From: peter anthony cowan <[EMAIL PROTECTED]>
> >Reply-To: [EMAIL PROTECTED]
> >To: [EMAIL PROTECTED]
> >Subject: Re: [castor-dev] [JDO] How to set the user/password for Oracle
> >thin driver through code but not in a configuration xml?
> >Date: Wed, 06 Nov 2002 12:01:31 -0800
> >
> >I would love to hear an answer to this question that applies not just to
> >oracle, but to postgres, mysql, etc. It's just not secure to store
> >passwords in a config file.
> >
> >If this is not possible, I would gladly take pointers as to where and how
> >the code needs to be updated to implement this functionality for everyone
> >(if it is within my ability, of course).
> >
> >-peter
> >
> >smartkid wrote:
> >
> > > Storing the user/password in the JDO configuration file causes security
> > > problems, and besides, my application must allow each user to have their
> > > own database account, so I can not connect to the database through a
> > > common user.
> > >
> > > Any ideas?
> > >
> > > -----------------------------------------------------------
> > > If you wish to unsubscribe from this mailing, send mail to
> > > [EMAIL PROTECTED] with a subject of:
> > > unsubscribe castor-dev
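
Peter Kasson's suggestion above (a userid/password class that is encrypted and serialized with Java's encryption extensions), as an added example that is not part of the original thread or of Castor. The class and method names are hypothetical, and it assumes the passphrase is supplied at startup rather than stored next to the file; passing the recovered values on to Castor JDO is not shown.

```java
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.*;
import java.io.*;
import java.security.SecureRandom;
import java.util.Arrays;

// Added example; SealedCredentials and Credentials are hypothetical names.
public class SealedCredentials {
    static final class Credentials implements Serializable {
        private static final long serialVersionUID = 1L;
        final String user; final char[] password;
        Credentials(String user, char[] password) { this.user = user; this.password = password; }
    }
    // Derive an AES-256 key from a passphrase that is NOT kept beside the credentials file (assumption).
    static SecretKeySpec deriveKey(char[] passphrase, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(passphrase, salt, 210_000, 256);
        byte[] k = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        return new SecretKeySpec(k, "AES");
    }
    // Blob layout: 16-byte salt | 12-byte IV | AES-GCM ciphertext (with tag) of the serialized bean.
    static byte[] seal(Credentials c, char[] passphrase) throws Exception {
        SecureRandom rnd = new SecureRandom();
        byte[] salt = new byte[16], iv = new byte[12];
        rnd.nextBytes(salt); rnd.nextBytes(iv);
        ByteArrayOutputStream plain = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(plain)) { oos.writeObject(c); }
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.ENCRYPT_MODE, deriveKey(passphrase, salt), new GCMParameterSpec(128, iv));
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        out.write(salt); out.write(iv); out.write(aes.doFinal(plain.toByteArray()));
        return out.toByteArray();
    }
    // GCM checks the authentication tag first, so a modified file fails before deserialization runs.
    static Credentials open(byte[] blob, char[] passphrase) throws Exception {
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.DECRYPT_MODE, deriveKey(passphrase, Arrays.copyOfRange(blob, 0, 16)),
                 new GCMParameterSpec(128, blob, 16, 12));
        byte[] plain = aes.doFinal(blob, 28, blob.length - 28);
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(plain))) {
            return (Credentials) ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        char[] pass = "constructed-passphrase".toCharArray();          // constructed sample value
        byte[] blob = seal(new Credentials("appuser", "s3cret".toCharArray()), pass);
        Credentials c = open(blob, pass);                              // round trip in memory
        System.out.println(c.user + " / password length " + c.password.length);
    }
}
```

The catch-22 mentioned in the thread still applies: the file is only as protected as the passphrase, which has to reach the application server by some other route.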
