Provide for password encryption within persistence.xml
------------------------------------------------------
Key: OPENJPA-1089
URL: https://issues.apache.org/jira/browse/OPENJPA-1089
Project: OpenJPA
Issue Type: New Feature
Components: jpa
Affects Versions: 1.3.0, 2.0.0
Reporter: Kevin Sutter
A recent discussion on our users forum [1] has surfaced (again) the need to
encrypt the password fields in the persistence.xml. In the particular scenario
outlined in the posting, this user wanted to encrypt the password sent into
Apache DBCP via the url string. In my mind, that's a separate problem related
to DBCP.
But, OpenJPA has openjpa.Connection*Password properties that could be
encrypted. And, the new JPA 2 spec outlines a javax.persistence.jdbc.password
property that would be nice to encrypt.
I'm opening this Issue as a Feature request, but it could also be considered a
bug since a non-jndi environment is crippled from a security standpoint.
[1]
http://n2.nabble.com/How-to-encrypt-DB-password-in-persistence.xml-td2868212.html
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
