What is the best approach to datasource password security?

acastanheira2001 Feb 20, 2009 3:17 PM

Hi there,

I have a datasource file with a plain text password. How can I improve its security?

What is the difference between PBEIdentityLoginModule and SecureIdentityLoginModule?

What does it have to do with Jaas?

Thanks,
AndrÃ©

1. Re: What is the best approach to datasource password securit

jaikiran Feb 20, 2009 11:28 PM (in response to acastanheira2001)

See this http://www.jboss.org/community/docs/DOC-9703
Actions
2. Re: What is the best approach to datasource password securit

acastanheira2001 Feb 25, 2009 12:36 PM (in response to acastanheira2001)

Hi Jaikiran,

IÂ´ve read http://www.jboss.org/community/docs/DOC-9350 and the one you have mentioned.

IÂ´ve configured SecureIdentityLoginModule and it worked fine.

But, as stated in http://docs.huihoo.com/javadoc/jboss/3.2.7/connector/org/jboss/resource/security/SecureIdentityLoginModule.html ... it uses a hard-coded cipher 'jass is the way'.

What can I do to improve the password security?
Is it a good practice to create a custom SecureIdentityLoginModule class?

Thanks,
AndrÃ©
Actions

Go to original post