I would suggest the appserver route. In at least the version of weblogic that I am using, the password is saved to the file system, but it is encrypted in the config file. If that isn't possible, just encrypt the password yourself and put some decryption code in an extension of the datasource. On Tue, Apr 21, 2009 at 9:49 AM, Alex Sherwin <alex.sher...@acadiasoft.com>wrote:
> Not sure about doing it programatically, but it's going to end up being > cleartext (or close to it) somewhere... > > For example when you use a connection pool in an app server, the > user/password ends up being plain text in your domains configuration file... > I believe most people focus on securing the deployment so that the files > cannot be read by users without proper permissions > > > > > Jhaver, Rishi wrote: > >> Hi >> I'm new to Ibatis and was wondering if anyone's faced this issue before. >> Couldn't find a solution on the website FAQs. >> I have the following in my sqlmapconfig file. >> <transactionManager type="JDBC" commitRequired="false"> >> <dataSource type="SIMPLE"> >> <property name="JDBC.Driver" >> value="oracle.jdbc.driver.OracleDriver"/> >> <property name="JDBC.ConnectionURL" value="jdbc:oracle:thin:@XXX1 >> :9999:XXX1"/> >> <property name="JDBC.Username" value="XXX"/> >> <property name="JDBC.Password" value="XXX"/> >> </dataSource> >> </transactionManager> >> I dont want the user name and password to be exposed as clear text in a >> config file. >> Is there a way to hide this information, maybe by passing the information >> programmatically or using another way. >> My main concern is to not keep the user credentials in clear text in a >> config file. >> Thanks >> Rishi... >> >> > > > -- -- Chris O'Connell Application Developer Gorilla 312.243.8777 x19
