[ https://issues.apache.org/jira/browse/DBCP-152?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12514273 ]

Dain Sundstrom commented on DBCP-152:
-------------------------------------
Ralf,

Security is a very important issue for me, so I'm not saying that I don't want
to support security features or that I don't want anyone to implement security
fixes.

You are requesting that we add a socketFactory factory property to DBCP, which
is about 7 lines of code. The problem is once we add this property, we have no
standard way to pass this information to the JDBC driver. One option, as you
have suggested, is to add the socketFactory property to the properties object
passed to driver.connect(url, properties). If that is your ultimate goal, we
already have a mechanism in DBCP to pass properties to the connection factory:
addConnectionProperty(name, value). Additionally, since there is no standard
for this property, it is likely that any vendor that supported the property
chose a different name (e.g., socketFactoryName, socketFactoryClass, etc.).

There are other databases that pass this type of connection security
information via the JDBC connect URL, which makes sense since the security
properties apply to all connections and not just a single connection.
Unfortunately, there is no standard way to encode properties into a JDBC
connect URL. Fortunately, we have a standard way to set the connect URL:
setUrl(url).

To reiterate, security is very important to me, and if there were a standard
way to support this type of configuration, I would submit a patch. In this
specific case, I don't think there is any way to support your request without
it being vendor-specific, and I do not want to see DBCP expanded with
vendor-specific extensions.

I suggest that you make a request for enhancement with the JDBC expert group
(http://jcp.org/en/jsr/detail?id=221), and if they approve security
enhancements, we will support them.
> [DBCP] add a socketFactory attribute to BasicDataSource (to allow SSL "thread"-safe)
> ------------------------------------------------------------------------------------
>
> Key: DBCP-152
> URL: https://issues.apache.org/jira/browse/DBCP-152
> Project: Commons Dbcp
> Issue Type: Improvement
> Affects Versions: 1.2
> Environment: Operating System: All
> Platform: Other
> Reporter: Ralf Hauser
> Priority: Minor
> Fix For: 1.3
>
>
> An app that accesses 2 datasources at two different places with different
> security policies via SSL (different set of permitted ciphers) currently is
> out of luck (http://lists.mysql.com/java/8689).
> The basic datasource should be enhanced with
>
> String socketFactory = "";
> and the corresponding getter and setter method, etc.
> org.apache.commons.dbcp.DriverConnectionFactory.createConnection() could then
> hand-over this full className via its Properties argument to enable different
> SSL policies per datasource (so, since the application programmer doesn't have
> the thread under her control, I guess it should rather be called
> "dataSource-safe").
> The jdbc driver implementation can then use this to take the appropriate
> socket factory when creating a connection.
> See also http://lists.mysql.com/java/8695