[
https://issues.apache.org/jira/browse/DBCP-556?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16960071#comment-16960071
]
Brian Hess commented on DBCP-556:
---------------------------------
I am probably going to close out this story as a no-fix. The JDBC specs would
have to change to accept a SealedObject before it is possible for DBCP to
support it as well. It doesn't solve our general security concern if the
password cannot be sealed the entire time it is in-process.
> API changes in get/setPassword and addConnectionProperty to support security
> ----------------------------------------------------------------------------
>
> Key: DBCP-556
> URL: https://issues.apache.org/jira/browse/DBCP-556
> Project: Commons DBCP
> Issue Type: New Feature
> Affects Versions: 2.7.0
> Reporter: Brian Hess
> Priority: Major
>
> Augment the addConnectionProperty API to support a Java Object for the value
> parameter. In this way, passwords as SealedObjects can be sent to the JDBC
> driver.
> Augment the SetPassword and GetPassword APIs to allow a Java SealedObject for
> the password.
> This request is to abide by security requirements in calling code.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
