Thanks for all the responses. If I'm looking to create a connection object from within the java code, - how do I create such a connection object from my code (that will work with IBATIS). Do I need to use java.sql.Connection ? or something else ? - can I use this object along with user name and pwd credentials to connect to an oracle db. Thanks Rishi...
________________________________ From: Chris O'Connell [mailto:oconn...@gorillachicago.com] Sent: Tuesday, April 21, 2009 10:00 AM To: user-java@ibatis.apache.org Subject: Re: Sql Map file I would suggest the appserver route. In at least the version of weblogic that I am using, the password is saved to the file system, but it is encrypted in the config file. If that isn't possible, just encrypt the password yourself and put some decryption code in an extension of the datasource. On Tue, Apr 21, 2009 at 9:49 AM, Alex Sherwin <alex.sher...@acadiasoft.com> wrote: Not sure about doing it programatically, but it's going to end up being cleartext (or close to it) somewhere... For example when you use a connection pool in an app server, the user/password ends up being plain text in your domains configuration file... I believe most people focus on securing the deployment so that the files cannot be read by users without proper permissions Jhaver, Rishi wrote: Hi I'm new to Ibatis and was wondering if anyone's faced this issue before. Couldn't find a solution on the website FAQs. I have the following in my sqlmapconfig file. <transactionManager type="JDBC" commitRequired="false"> <dataSource type="SIMPLE"> <property name="JDBC.Driver" value="oracle.jdbc.driver.OracleDriver"/> <property name="JDBC.ConnectionURL" value="jdbc:oracle:thin:@XXX1:9999:XXX1"/> <property name="JDBC.Username" value="XXX"/> <property name="JDBC.Password" value="XXX"/> </dataSource> </transactionManager> I dont want the user name and password to be exposed as clear text in a config file. Is there a way to hide this information, maybe by passing the information programmatically or using another way. My main concern is to not keep the user credentials in clear text in a config file. Thanks Rishi... -- -- Chris O'Connell Application Developer Gorilla 312.243.8777 x19
