Hi Jay, ----- Original Message ----- From: "Xu Jie" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, October 01, 2003 1:04 AM Subject: User/Password for JDBC Connection
> > All, > > I have a question about using OJB with specific user and password. The > question is two fold, > 1) Can we encrypt the user and password in repository.xml file? Exposing > user and password certainly has some security concerns. This is possible but need some additional work to decrypt Strings. Two ways to that 1. Change JdbcConnectionDescriptor to decrypt user/pwd (currently this class is not pluggable) 2. Write your own ConnectionFactory (or extend one of the implementations) and do decryption before connection creation. > 2) If I create JDBC connections by providing user and password at run time, > these connections can not be reused. Why not? You create connection specific metadata at runtime e.g. set user and password in JdbcConnectionDescriptor and hereafter OJB use this metadata to create connections. > In another word, it has to create a new > JDBC connection every time which is expensive. Am I right? > Yes and no. That depends on the used ConnectionFactory implementation. By default connection pooling is used except when using DataSources. They never be pooled by ConnectionFactory implementations shipped with OJB () See http://db.apache.org/ojb/faq.html "How does OJB handle connection pooling?" "Connect to database at runtime?" (in advance - sorry for broken links in FAQ) regards, Armin > Thanks. > > Jay > > > > ---------------------------------------------------------------------- --------- > This message and any included attachments are from Siemens Medical Solutions > USA, Inc. and are intended only for the addressee(s). > The information contained herein may include trade secrets or privileged or > otherwise confidential information. Unauthorized review, forwarding, printing, > copying, distributing, or using such information is strictly prohibited and may > be unlawful. If you received this message in error, or have reason to believe > you are not authorized to receive it, please promptly delete this message and > notify the sender by e-mail with a copy to [EMAIL PROTECTED] Thank you > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
