Where you just using the parameters & marked up xml i.e. "{0}" has for
example's sake?
No. The text is the actual xml template file we are using in our code. We
read the template file and using the MessageFormat to subtitute it with the
correct information.
What is the reason for using message digest?
We are not using any message digest for the JDO configuration. We encrypt
the database user name and password in our application configuration file
(not clear text). Although you can digest these information (instead of
encrption).
Can I just build a string that has the same contents as my xml file & write
that with a string reader?
That is the idea behind our approach. We format (using MessageFormat) to
complete the xml string with the six required parameters.
The other benefit is you can ask the user for the database connection
information (using a web page form for example) and generate the JDO
configuration xml to create a JDO. Now your customers/users don't have to
manually edit the database.xml for different database connections,
especially when the users are miles away from the server where Castor is
running!
Henry Yuen
"Ferguson, Doug"
<dferguson@coreme To: [EMAIL PROTECTED]
trics.com> cc:
Subject: Re: [castor-dev] JDO -
database password
12/03/02 04:30 PM
Please respond to
castor-dev
Henry,
Where you just using the parameters & marked up xml i.e. "{0}" has for
example's sake?
What is the reason for using message digest?
Can I just build a string that has the same contents as my xml file & write
that with a string reader?
d./
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, December 03, 2002 2:59 PM
To: [EMAIL PROTECTED]
Subject: Re: [castor-dev] JDO - database password
- We encrypted the database user name and password in our application
configuration file.
- We generte the "database.xml" during our application execution:
* Decrypt the database user name and password from our application
configuration file.
* Put the decrypted information into the below template (a text
file), using MessageFormat for example, to dynamically generate the
database.xml.
* Create the JDO from the generated dynamic generated database.xml
string.
import org.xml.sax.InputSource;
jdo = new JDO();
jdo.loadConfiguration(
new InputSource(new
StringReader(dynamic_generated_database_xml_string)),
null,
getClass().getClassLoader()
);
jdo.setDatabaseName("data store public name, see parameter
#0");
- You can provide the full qualified mapping file if you want to.
Henry Yuen
P.S.: ***** database_template.xml *****
<!-- Parameter #0: The data store public name. Parameter #1:
The RDBMS engine. E.g. "sql-server", "oracle", "db2" Parameter #2:
The Java driver class name. Parameter #3: The data store URL.
Parameter #4: The data store's user name. Parameter #5: The data
store's password. Parameter #6: The path (only) of where the
"mapping.xml" located.-->
<!DOCTYPE
databases
PUBLIC "-//EXOLAB/Castor JDO Configuration DTD Version 1.0//EN"
"http://castor.exolab.org/jdo-conf.dtd";
>
<database name="{0}" engine="{1}" >
<driver
class-name="{2}"
url="{3}"
>
<param name="user" value="{4}" />
<param name="password" value="{5}" />
</driver>
<mapping href="{6}mapping.xml" />
</database>
"Ferguson, Doug"
<dferguson@coreme To:
[EMAIL PROTECTED]
trics.com> cc:
Subject: Re: [castor-dev]
JDO - database password
12/03/02 03:19 PM
Please respond to
castor-dev
I don't believe there would be anyway to protect it with JAVA.
If Castor expects the password to be in plain text how is JAVA code going
to
help?
d./
-----Original Message-----
From: Peter Kasson [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, December 03, 2002 2:05 PM
To: [EMAIL PROTECTED]
Subject: Re: [castor-dev] JDO - database password
Doug,
There are several postings about this a few weeks ago. I believe that you
are correct. Short of changing Castor's source, you can choose
alternatives
for protecting this information (Java solutions, not Castor).
Peter
>From: "Ferguson, Doug" <[EMAIL PROTECTED]>
>Reply-To: [EMAIL PROTECTED]
>To: [EMAIL PROTECTED]
>Subject: [castor-dev] JDO - database password
>Date: Tue, 3 Dec 2002 13:45:57 -0600
>
>There doesn't appear to be anyway to avoid having your database password
in
>clear text in the jdo configuration file.
>
>Is this correct?
>
>d./
_________________________________________________________________
The new MSN 8: smart spam protection and 2 months FREE*
http://join.msn.com/?page=features/junkmail
-----------------------------------------------------------
If you wish to unsubscribe from this mailing, send mail to
[EMAIL PROTECTED] with a subject of:
unsubscribe castor-dev
-----------------------------------------------------------
If you wish to unsubscribe from this mailing, send mail to
[EMAIL PROTECTED] with a subject of:
unsubscribe castor-dev
If you received this e-mail in error please delete it and notify the sender
as soon as possible. The contents of this e-mail may be confidential and
the
unauthorized use, copying, or dissemination of it and any attachments to
it,
is prohibited.
Internet communications are not secure and Hyperion does not, therefore,
accept legal responsibility for the contents of this message nor for any
damage caused by viruses. The views expressed here do not necessarily
represent those of Hyperion.
For more information about Hyperion, please visit our Web site at
www.hyperion.com
-----------------------------------------------------------
If you wish to unsubscribe from this mailing, send mail to
[EMAIL PROTECTED] with a subject of:
unsubscribe castor-dev
-----------------------------------------------------------
If you wish to unsubscribe from this mailing, send mail to
[EMAIL PROTECTED] with a subject of:
unsubscribe castor-dev
If you received this e-mail in error please delete it and notify the sender as soon as
possible. The contents of this e-mail may be confidential and the unauthorized use,
copying, or dissemination of it and any attachments to it, is prohibited.
Internet communications are not secure and Hyperion does not, therefore, accept legal
responsibility for the contents of this message nor for any damage caused by viruses.
The views expressed here do not necessarily represent those of Hyperion.
For more information about Hyperion, please visit our Web site at www.hyperion.com
-----------------------------------------------------------
If you wish to unsubscribe from this mailing, send mail to
[EMAIL PROTECTED] with a subject of:
unsubscribe castor-dev
