Page Edited :
CAY :
Password Encoding
Password Encoding has been edited by Michael Gentry (Dec 01, 2006).

Content:

Modeler

Password encoding offers a mechanism for end-users to better control the way in which Cayenne obtains and stores database passwords. The current (version 1.2.x/2.0.x) method is to store the password in plain text inside the model. This approach might be acceptable for a lot of organizations, but some companies have different IT standards for how this information is obtained.

The implementation of password encoding is not yet completed, but this page will hopefully provide enough information for feedback on the feature.

The encoding feature is added to the JDBC driver and includes several new fields. It will default to the current method of dealing with passwords, although the new fields are still visible. This screenshot shows the current mockup of the interface:

The new fields are:

API

Password encoders implement the new PasswordEncoding interface:

PasswordEncoding.java

    public interface PasswordEncoding
    {
      // Class names of the encoders that ship with Cayenne.
      final String[] standardEncoders =
        new String[] { PlainTextPasswordEncoder.class.getName(),
                       Rot13PasswordEncoder.class.getName() };

      /**
       * Decodes an encoded database password.
       *
       * @param encodedPassword - The encoded password to be decoded
       * @param salt - An optional data element which can be used to salt the algorithm.
       * @return The decoded normal/plain password.
       */
      public String decodePassword(String encodedPassword, String salt);

      /**
       * Encodes a normal/plain database password.
       *
       * @param normalPassword - The normal/plain password to be encoded
       * @param salt - An optional data element which can be used to salt the algorithm.
       * @return The encoded password.
       */
      public String encodePassword(String normalPassword, String salt);
    }

When loading the model, the retrieved password is passed through the decodePassword(encodedPassword, salt) method to obtain the actual password. When saving the model, if the Password Location is in the Cayenne Model or Java Classpath, then the encodePassword(normalPassword, salt) method is called and the returned value is saved.

The standard encoders, such as the plain text encoder, are trivial:

PlainTextPasswordEncoder.java

    package org.objectstyle.cayenne.conf;

    public class PlainTextPasswordEncoder implements PasswordEncoding
    {
      // Identity transform: the stored value is the password itself.
      public String decodePassword(String encodedPassword, String salt)
      {
        return encodedPassword;
      }

      public String encodePassword(String normalPassword, String salt)
      {
        return normalPassword;
      }
    }

If your organization requires something more advanced, such as Triple DES, then you can write an encoder to handle it and plug it into Cayenne (make sure to add the JAR with your custom encoder to the Modeler's Classpath Preferences settings and to the Java Classpath at runtime).

Encoders implementing strong encryption algorithms will not be supplied as part of the standard Apache Cayenne framework due to US export restrictions.