I think the best way would be to implement a new ConfigAdmin or extend the existing one and then disable the monitoring of the etc folder by fileinstall. Afair the current ConfigAdmin has already a pluggable backend so you could use jdbc, ldap, or any other technology.
On Wednesday, December 29, 2010, karafman <[email protected]> wrote: > > All, > > In IRC there was a short discussion about the merits of databasing > properties normally placed in the /etc directory. The benefits of this > would be security-related, by placing the sensitive configurable properties > in a user-authenticated database, we would decrease the access to those > files, instead of simply making them available. Below is the discussion: > [10:25] <karafman> Do any of you place properties in a database table > instead of in the /etc directory? > [10:27] <kit> i'm doing something of the sort with Derby…not quite > properties - but there's a lookup on service startup. trying to figure out > if it is possible to tie-in to CM. > [10:32] <karafman> I think there'd need to be a code-change, but I really > like the idea of databasing properties. The additional security you'd get > outweighs the effort needed to implement it (IMHO). > [10:35] <karafman> I'll add a discussion topic on this to the Developers > list. > [10:36] <kit> cool. > [10:36] <karafman> Once I get permission to post to the dev's list, I > mean. > :-) > [10:37] <karafman> I'm thinking something like, if the /etc directory is > missing, automatically connect to an internal derby or H2 implementation and > fetch properties. > [10:40] <karafman> Among those properties would be a database.cfg table > containing connection information to different database which would hold > service/application specific properties. > [10:41] <kit> i don't know about not having /etc - but do think there could > be a file there that points to the db config > [10:42] <splatch> karafman: I don't think it is a good idea. For the > Karaf > it's a lot of work because we have Configuration Admin as OSGi service which > reads properties from files > [10:42] <splatch> if you would like to move your properties to database > you > might think about wrapping Configuration Admin service > [10:42] <kit> @splatch but CA could read from DB too > [10:42] <kit> right...:) > [10:42] <kit> a remote db at that. > [10:43] <splatch> that might be fancy stuff for configuration management > [10:43] <splatch> in bigger deployments > > ----- > Karafman > Slayer of the JEE > Pounder of the Perl Programmer > > -- > View this message in context: > http://karaf.922171.n3.nabble.com/databasing-etc-properties-tp2163277p2163277.html > Sent from the Karaf - Dev mailing list archive at Nabble.com. > -- Cheers, Guillaume Nodet ------------------------ Blog: http://gnodet.blogspot.com/ ------------------------ Open Source SOA http://fusesource.com
