[
https://issues.apache.org/jira/browse/OPENJPA-1089?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12734773#action_12734773
]
Donald Woods commented on OPENJPA-1089:
---------------------------------------
Geronimo has been working on something similar for its config files -
https://issues.apache.org/jira/browse/GERONIMO-3003
We've had encrypt/decrypt for password stores and deployer connections for
awhile, so wondering if we need to say that encrypted passwords must be Base64
encoded, so they can always be passed in as a String (whereas some encrypted
data could include 0x00 and quotes by default)?
> Provide for password encryption within persistence.xml
> ------------------------------------------------------
>
> Key: OPENJPA-1089
> URL: https://issues.apache.org/jira/browse/OPENJPA-1089
> Project: OpenJPA
> Issue Type: New Feature
> Components: jpa
> Affects Versions: 1.3.0, 2.0.0-M2
> Reporter: Kevin Sutter
> Attachments: OPENJPA-1089.PATCH
>
>
> A recent discussion on our users forum [1] has surfaced (again) the need to
> encrypt the password fields in the persistence.xml. In the particular
> scenario outlined in the posting, this user wanted to encrypt the password
> sent into Apache DBCP via the url string. In my mind, that's a separate
> problem related to DBCP.
> But, OpenJPA has openjpa.Connection*Password properties that could be
> encrypted. And, the new JPA 2 spec outlines a
> javax.persistence.jdbc.password property that would be nice to encrypt.
> I'm opening this Issue as a Feature request, but it could also be considered
> a bug since a non-jndi environment is crippled from a security standpoint.
> [1]
> http://n2.nabble.com/How-to-encrypt-DB-password-in-persistence.xml-td2868212.html
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
