- We encrypted the database user name and password in our application
configuration file.
- We generte the "database.xml" during our application execution:
* Decrypt the database user name and password from our application
configuration file.
* Put the decrypted information into the below template (a text
file), using MessageFormat for example, to dynamically generate the
database.xml.
* Create the JDO from the generated dynamic generated database.xml
string.
import org.xml.sax.InputSource;
jdo = new JDO();
jdo.loadConfiguration(
new InputSource(new
StringReader(dynamic_generated_database_xml_string)),
null,
getClass().getClassLoader()
);
jdo.setDatabaseName("data store public name, see parameter
#0");
- You can provide the full qualified mapping file if you want to.
Henry Yuen
P.S.: ***** database_template.xml *****
<!--
Parameter #0: The data store public name.
Parameter #1: The RDBMS engine. E.g. "sql-server", "oracle", "db2"
Parameter #2: The Java driver class name.
Parameter #3: The data store URL.
Parameter #4: The data store's user name.
Parameter #5: The data store's password.
Parameter #6: The path (only) of where the "mapping.xml" located.
-->
<!DOCTYPE
databases
PUBLIC "-//EXOLAB/Castor JDO Configuration DTD Version 1.0//EN"
"http://castor.exolab.org/jdo-conf.dtd";
>
<database name="{0}" engine="{1}" >
<driver
class-name="{2}"
url="{3}"
>
<param name="user" value="{4}" />
<param name="password" value="{5}" />
</driver>
<mapping href="{6}mapping.xml" />
</database>
"Ferguson, Doug"
<dferguson@coreme To: [EMAIL PROTECTED]
trics.com> cc:
Subject: Re: [castor-dev] JDO -
database password
12/03/02 03:19 PM
Please respond to
castor-dev
I don't believe there would be anyway to protect it with JAVA.
If Castor expects the password to be in plain text how is JAVA code going
to
help?
d./
-----Original Message-----
From: Peter Kasson [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, December 03, 2002 2:05 PM
To: [EMAIL PROTECTED]
Subject: Re: [castor-dev] JDO - database password
Doug,
There are several postings about this a few weeks ago. I believe that you
are correct. Short of changing Castor's source, you can choose
alternatives
for protecting this information (Java solutions, not Castor).
Peter
>From: "Ferguson, Doug" <[EMAIL PROTECTED]>
>Reply-To: [EMAIL PROTECTED]
>To: [EMAIL PROTECTED]
>Subject: [castor-dev] JDO - database password
>Date: Tue, 3 Dec 2002 13:45:57 -0600
>
>There doesn't appear to be anyway to avoid having your database password
in
>clear text in the jdo configuration file.
>
>Is this correct?
>
>d./
_________________________________________________________________
The new MSN 8: smart spam protection and 2 months FREE*
http://join.msn.com/?page=features/junkmail
-----------------------------------------------------------
If you wish to unsubscribe from this mailing, send mail to
[EMAIL PROTECTED] with a subject of:
unsubscribe castor-dev
-----------------------------------------------------------
If you wish to unsubscribe from this mailing, send mail to
[EMAIL PROTECTED] with a subject of:
unsubscribe castor-dev
If you received this e-mail in error please delete it and notify the sender as soon as
possible. The contents of this e-mail may be confidential and the unauthorized use,
copying, or dissemination of it and any attachments to it, is prohibited.
Internet communications are not secure and Hyperion does not, therefore, accept legal
responsibility for the contents of this message nor for any damage caused by viruses.
The views expressed here do not necessarily represent those of Hyperion.
For more information about Hyperion, please visit our Web site at www.hyperion.com
-----------------------------------------------------------
If you wish to unsubscribe from this mailing, send mail to
[EMAIL PROTECTED] with a subject of:
unsubscribe castor-dev
