Howdy folks,
We are currently using Cocoon 2.1.10, and we have numerous cocoon
installations that use JDBC.
We love the convenience of embedding a block like this into our cocoon.xconf
to set up a connection:
<jdbc name="sqlConn">
<dburl>jdbc:mysql://localhost:3306/dbname</dburl>
<user>dbuser</user>
<password>dbpass</password>
</jdbc>
BUT, using this approach means our SQL login information is stored
unencrypted in a text file on the server.
Of course, if we move the user/password to some encrypted storage location,
we are still going to
have to make a decryption key available to the software, but we might be
able to hide that key somewhat
better than this block. (Place it in a compiled java class, for example.
If you have a better idea,
I'd love to hear it).
Has anyone else tried to create a SecurelyConfiguredDatasource, or have some
suggestions on how
I could most easily build one?
I'm guessing the implementation might have to change a lot for Cocoon 2.2,
so perhaps I'm better off
waiting and solving the problem against that codeline?
Stu
--
View this message in context:
http://www.nabble.com/Securing-JDBC-credentials-that-are-stored-in-cocoon.xconf-tp15600542p15600542.html
Sent from the Cocoon - Users mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
