HI Jay, Armin And All, > -----Original Message----- > From: Armin Waibel [mailto:[EMAIL PROTECTED] > Sent: 01 October 2003 01:18 > To: OJB Users List > Subject: Re: User/Password for JDBC Connection > > > Hi Jay, > ----- Original Message ----- > From: "Xu Jie" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Wednesday, October 01, 2003 1:04 AM > Subject: User/Password for JDBC Connection > > [...] > > 1) Can we encrypt the user and password in repository.xml file? > Exposing > > user and password certainly has some security concerns. > > This is possible but need some additional work to decrypt > Strings. Two ways to that > 1. Change JdbcConnectionDescriptor to decrypt user/pwd > (currently this class is not pluggable) > 2. Write your own ConnectionFactory (or extend one of > the implementations) and do decryption before connection > creation.
3. Another way - and possibly easier than Armins other suggestions - are to modify the contents of the JdbcConnectionDescriptor *after* reading from the XML. In message http://www.mail-archive.com/[EMAIL PROTECTED]/msg04912.html I give an example of "overriding" the contents of the jdbcConnectionDescriptor. You could use the same approach for reading,decrypting,then updating the info on the jdbcConnectionDesctipor - Something Like (using code from above example): JdbcConnectionDescriptor conDescriptor = getConnectionDescriptor(""); String encryptedUserName = conDescriptor.getUserName(); String encryptedPassword = conDescriptor.getPassWord(); conDescriptor.setUserName(decrypt(encryptedUsername)); conDescriptor.setPassWord(decrypt(encryptedPassWord)); Cheers, Charles. This email and any attachments are strictly confidential and are intended solely for the addressee. If you are not the intended recipient you must not disclose, forward, copy or take any action in reliance on this message or its attachments. If you have received this email in error please notify the sender as soon as possible and delete it from your computer systems. Any views or opinions presented are solely those of the author and do not necessarily reflect those of HPD Software Limited or its affiliates. At present the integrity of email across the internet cannot be guaranteed and messages sent via this medium are potentially at risk. All liability is excluded to the extent permitted by law for any claims arising as a re- sult of the use of this medium to transmit information by or to HPD Software Limited or its affiliates. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
