Password Encoding has been edited by Michael Gentry (Nov 28, 2006).

Change summary:

Swapped location/source to reflect updated GUI


Content:

Password encoding offers a mechanism for end-users to better control the way in which Cayenne obtains and stores database passwords. The current (version 1.2.x/2.0.x) method is to store the password in plain text inside the model. This approach might be acceptable for a lot of organizations, but some companies have different IT standards for how this information is obtained.

The implementation of password encoding is not yet completed, but this page will hopefully provide enough information for feedback on the feature.

The encoding feature is added to the JDBC driver and includes several new fields. It will default to the current method of dealing with passwords, although the new fields are still visible. This screenshot shows the current mockup of the interface:

The new fields are:

  • Password Encoder: The class used to encode and decode passwords. Two standard encoders are included: PlainTextPasswordEncoder and Rot13PasswordEncoder. The plain text encoder is essentially the current Cayenne default – passwords are stored in plain text. The ROT-13 encoder does a simple Caesar cipher of the password, which is easily unscrambled, but provides a slight degree of obfuscation. This field is user-editable and a different/custom class can be entered.
  • Password Salt: A user-entered text string which can be used to salt the encoder. (This might not be the best terminology – corrections appreciated.) The standard encoders require no salt.
  • Password Location: A pulldown list for where to obtain the password. The default is from inside the Cayenne model (the normal Cayenne method). Other options include Classpath (searches the Java CLASSPATH for it), Executable Program (run a command to obtain the password), and URL (file: or perhaps even http:).
  • Password Source: This field morphs a bit. It is unused if the Password Location is Model. If the Password Location is Classpath, Executable Program, or URL, then it is used to specify the filename to find in the CLASSPATH, the program to run (with all parameters), or the URL.
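
A sketch of how the four Password Location values and the ROT-13 encoder described above could fit together. This is an added example, not Cayenne's code: the class, enum and method names are hypothetical. It assumes the password is the first line the source yields and that the Executable Program command line is split on whitespace.

```java
import java.io.*;
import java.net.URI;
import java.nio.charset.StandardCharsets;

// Added illustration: all names here are hypothetical, not Cayenne's API.
public class PasswordLookupSketch {
    enum Location { MODEL, CLASSPATH, EXECUTABLE, URL }

    // ROT-13 rotates ASCII letters by 13; digits and symbols pass through unchanged.
    static String rot13(String s) {
        StringBuilder out = new StringBuilder(s.length());
        for (char c : s.toCharArray()) {
            char base = Character.isUpperCase(c) ? 'A' : 'a';
            boolean letter = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z');
            out.append(letter ? (char) (base + (c - base + 13) % 26) : c);
        }
        return out.toString();
    }
    // Assumption: the password is the first line of whatever the source yields.
    static String firstLine(InputStream in) throws IOException {
        try (BufferedReader r = new BufferedReader(new InputStreamReader(in, StandardCharsets.UTF_8))) {
            String line = r.readLine();
            return line == null ? "" : line.trim();
        }
    }
    // source is unused for MODEL; otherwise a classpath resource, a command line, or a URL.
    static String fetch(Location loc, String source, String modelPassword) throws Exception {
        switch (loc) {
            case MODEL: return modelPassword;
            case CLASSPATH:
                InputStream in = PasswordLookupSketch.class.getClassLoader().getResourceAsStream(source);
                if (in == null) throw new FileNotFoundException("not on classpath: " + source);
                return firstLine(in);
            case EXECUTABLE: // Assumption: arguments are split on whitespace, no shell involved.
                Process p = new ProcessBuilder(source.trim().split("\\s+"))
                        .redirectError(ProcessBuilder.Redirect.INHERIT).start();
                String out = firstLine(p.getInputStream());
                if (p.waitFor() != 0) throw new IOException("password command failed");
                return out;
            case URL: return firstLine(URI.create(source).toURL().openStream());
            default: throw new IllegalArgumentException("unknown location");
        }
    }
    public static void main(String[] args) throws Exception {
        String stored = rot13("S3cret-Pass!"); // constructed sample value
        System.out.println(stored + " decodes to " + rot13(fetch(Location.MODEL, null, stored)));
    }
}
```

ROT-13 is its own inverse, so the same call both encodes and decodes, and any digits or punctuation in the password stay readable in the stored value.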
