1 Reply Latest reply on Feb 7, 2004 1:49 AM by starksm64

how to encode database password in descriptor mysql-ds.xml f

cuputur Jan 27, 2004 1:55 PM

"cuputur" wrote:
I guess the question should be here:

Dear JBOSS:

I am using JBOSS 3.2.3 and MySql 4.0.16.

Under the directory:
$JBOSS_HOME/server/default/deploy, there is a file "mysql-ds.xml":

The file has something like the following:
......................................................

<local-tx-datasource>
<jndi-name>MySqlDS</jndi-name>
<connection-url>jdbc:mysql://localhost:3306/authority</connection-url>
<driver-class>org.gjt.mm.mysql.Driver</driver-class>
<user-name>test</user-name>
test123
</local-tx-datasource>

..................................................................

Since the database user-name("test") and password("test123") are plain texts, these are big security flaws. Anybody who can read this
file can use this user-name and password to do anything with the database.

How can we encode the password so that even people can read this file, but can't get the original password?

Could somebody provide a sample configuration file "mysql-ds.xml" and related files?

Thanks a million,

Jerry

1. Re: how to encode database password in descriptor mysql-ds.x

starksm64 Feb 7, 2004 1:49 AM (in response to cuputur)

See: http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3820263#3820263[url]http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3820263#3820263
Actions