2 Replies Latest reply on Mar 17, 2014 2:29 PM by jclgml

    encrypting datasource passwords severe performance hit.

    jclgml

      We set up our JBoss 7.1.3 to use encrypted datasource passwords:

       

        <datasources>
            <datasource jndi-name="java:/SomDS" pool-name="SomeDS" enabled="true" use-java-context="true">
                .....
                <security>
                    <security-domain>some-encrypted-ds</security-domain>
                </security>
            </datasource>

        ...

        <security-domain name="some-encrypted-ds" cache-type="default">
            <authentication>
                <login-module code="org.picketbox.datasource.security.SecureIdentityLoginModule" flag="required">
                    <module-option name="username" value="some"/>
                    <module-option name="password" value="-......."/>
                </login-module>
            </authentication>
        </security-domain>

      By using this, our system took a 30% performance hit.

      Some transactions might call getConnection 50 times.

      It seems from looking at the code that even if a connection already exists in the pool, the password is decrypted on every call to get a connection from the datasource.

      Seems like it should only decrypt when a new connection is created to the database.

      Any workarounds?

      Moving back to unencrypted passwords solves the performance problem.

      Using:

        <security xmlns="urn:jboss:domain:datasources:1.1">
            <user-name>xxx</user-name>
            <password>yyy</password>
        </security>