George Sexton wrote:
If you really want to do this, then you will need to have your application startup have a method that permits an operator to enter in the password for the JDBC information at startup.
Whatever - the key is to be able to insert an application-defined processing step between the reading of the DBCP properties, and sending the username and password to the JDBC driver.
This additional step could be:
* nothing (cleartext username and password)
* trivial decryption of a trivially encrypted string (not cryptographically safe, but Dilbert's-boss-safe).
* True encrypted strings that require a password-protected opening of a private-key file to decrypt.
* True password-protected external storage of encrypted data.
Whatever. The key is to be able to do a two-way processing of the username, password, and other sensitive data (even the JDBC url). A tool to "encode" the data into the JDBC properties, and a code callback to "decode" the properties when reading them from the file.
How easy is this to do? Where would such a hook go?
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]