4 Replies Latest reply on Oct 22, 2012 11:37 AM by vasilievip

    Password encryption in Modesdhape configuration xml

    vasilievip

      Hello,

       

      I have some passwords in Modeshape configuration XML and I would like to get them encrypted with AES128.

      The one idea which I have - is to use one Modeshape repository (configuration repository) to store this xml and then another (application repository) to be published for external usage. Then apply sequencers to crypt the whole file or the passwords itself in configuration repository.

       

      Maybe there is a better way to get passwords encrypted?

       

      Thanks in advance

        • 1. Re: Password encryption in Modesdhape configuration xml
          rhauch

          Are the passwords for JDBC data sources or something else? How are you deploying ModeShape 2.x? If you're deploying within a web/app container, then the best practice is to set up the ModeShape configuration to lookup the data source.

           

          Regarding 3.x, I don't believe there's any slots in our JSON configuration schema to supply a password.

          • 2. Re: Password encryption in Modesdhape configuration xml
            vasilievip

            Randall Hauch wrote:

             

            Are the passwords for JDBC data sources or something else?

            Something else. Let's say svn connector (I have currently two options: create connector for webdav or custom webservice).

             

            Randall Hauch wrote:

             

            How are you deploying ModeShape 2.x? If you're deploying within a web/app container, then the best practice is to set up the ModeShape configuration to lookup the data source.

            Packaging into ear and deploying into websphere. For JDBC, I have no issues with configuring resource adapter. For example for SVN connector or my own connector I do not want to buld it

             

            Randall Hauch wrote:

             

            Regarding 3.x, I don't believe there's any slots in our JSON configuration schema to supply a password.

            This is because you did not migrate connectors from 2.x yet

            • 3. Re: Password encryption in Modesdhape configuration xml
              rhauch

              Regarding 3.x, I don't believe there's any slots in our JSON configuration schema to supply a password.

              This is because you did not migrate connectors from 2.x yet

              True. I've opened MODE-1688 to track this in 3.1, ensuring that we provide a single, unified password encryption mechanism.

              1 of 1 people found this helpful
              • 4. Re: Password encryption in Modesdhape configuration xml
                vasilievip

                Great, thanks