[
https://issues.apache.org/jira/browse/OPENJPA-1089?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Rick Curtis updated OPENJPA-1089:
---------------------------------
Attachment: OPENJPA-1089.PATCH
I created a plugin that allows a user to implement a EncryptionProvider
interface so the OpenJPA runtime will call their interface to decrypt
openjpa.Connection(2)Password values. Please take a look and let me know what
you think. If everything looks good I'll fix up the user manual.
-Rick
> Provide for password encryption within persistence.xml
> ------------------------------------------------------
>
> Key: OPENJPA-1089
> URL: https://issues.apache.org/jira/browse/OPENJPA-1089
> Project: OpenJPA
> Issue Type: New Feature
> Components: jpa
> Affects Versions: 1.3.0, 2.0.0-M2
> Reporter: Kevin Sutter
> Attachments: OPENJPA-1089.PATCH
>
>
> A recent discussion on our users forum [1] has surfaced (again) the need to
> encrypt the password fields in the persistence.xml. In the particular
> scenario outlined in the posting, this user wanted to encrypt the password
> sent into Apache DBCP via the url string. In my mind, that's a separate
> problem related to DBCP.
> But, OpenJPA has openjpa.Connection*Password properties that could be
> encrypted. And, the new JPA 2 spec outlines a
> javax.persistence.jdbc.password property that would be nice to encrypt.
> I'm opening this Issue as a Feature request, but it could also be considered
> a bug since a non-jndi environment is crippled from a security standpoint.
> [1]
> http://n2.nabble.com/How-to-encrypt-DB-password-in-persistence.xml-td2868212.html
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
