8 Replies Latest reply on Jun 25, 2010 5:13 PM by Steven Bruce

    Securing Jopr Oracle Settings

    Steven Bruce Newbie

      I want to secure the connection between Jopr and Oracle.  My plan is to use an encrypted password (keystore) to hide the password from cleartext.

       

      When installing jopr on a server, where do the oracle database settings get set?  If I want to go back and change these settings manually, where would I find them?

        • 2. Re: Jopr Oracle Settings
          Steven Bruce Newbie

          So I found that the database information is stored in the rhq-server.properties file, but I still am looking for more information, so I guess I'll further describe my questions below:

           

          1) Is the rhq server database information stored anywhere else?

          2) Where is the rhq.server.database.password variable used in the code?

          3) Is it possible to set any of these variables to be the output of a command by using backticks or the $(cmd) format?

           

          Thanks,

          Steven

          • 3. Re: Jopr Oracle Settings
            mazz Master
            1) Is the rhq server database information stored anywhere else?

             

            That's it. Technically (if you are familiar with how JBossAS is started/configured), the rhq-server.properties is passed into the JBossAS server's run script via the -P option, which means all settings in there are set as system properties in the JBossAS VM.

             

            2) Where is the rhq.server.database.password variable used in the code?

             

            In the rhq-ds.xml file (the thing that sets up the datasource). Note, in our upcoming release, we obfuscate that db password found in the .properties file. See https://bugzilla.redhat.com/show_bug.cgi?id=535601

             

            3) Is it possible to set any of these variables to be the output of a command by using backticks or the $(cmd) format?

             

            No. As mentioned above, rhq-server.properties is a flat file that is passed to JBossAS via the -P option - it's simply a name/value pair properties file, not a script and thus not run through a scripting engine.

             

            If the question is about security, we recommend locking down this .properties file with appropriate UNIX file system permissions. You could grab a beta and also rely on obfuscation to help "hide" the password (though clearly obfuscation isn't a hardened security mechanism - though it can help thwart accidental compromise).


            Worst case, you could modify/customize the rhq-server.sh script to pass in some of these properties to run.sh via the -D
            option that JBossAS supports and take out the values in the .properties file. I don't know anyone that had a need to do
            this but I'm sure it's doable.

             

            1 of 1 people found this helpful
            • 4. Re: Jopr Oracle Settings
              Steven Bruce Newbie

              Great!  That last post was really helpful, I'm on the right track now.  I want to remove the occurrences of the rhq.server.database.password from rhq-ds.xml so that I do not need to use the rhq-server.properties file to store it in plain text.

               

              I've been asked to do something similar to this: http://community.jboss.org/wiki/EncryptKeystorePasswordInTomcatConnector, but I'm not quite sure how to apply it to this situation.  I'm thinking that something along the lines of this article: http://community.jboss.org/wiki/encryptingdatasourcepasswords might be helpful to me as well, but I don't even want an encrypted password visible.  I think I want to use something along the lines of java:/jaas/encrypt-keystore-password and create an mbean using KeyStoreType, KeyStoreURL and KeyStorePass as attributes.

               

              Does anyone have any suggestions about how something like this might be done?  I'm not quite sure how all the pieces fit together yet, so any help would be greatly appreciated.

               

              Thanks,

              Steven

              • 5. Re: Jopr Oracle Settings
                Ian Springer Master

                Let us know what you come up with. I think other RHQ users may also be interested in doing something similar.

                • 6. Re: Jopr Oracle Settings
                  Steven Bruce Newbie

                  Similar to this: http://community.jboss.org/wiki/EncryptKeystorePasswordInTomcatConnector, if I create a connector in JOPR_HOME/jopr-server-2.3.1/jbossas/server/default/deploy/jboss-web.deployer/server.xml and a corresponding mbean in JOPR_HOME/jopr-server-2.3.1/jbossas/server/default/deploy/jboss-web.deployer/META-INF/jboss-service.xml, would there be a way to remove the passwords from the datasource file?

                  • 7. Re: Jopr Oracle Settings
                    Steven Bruce Newbie
                    Worst case, you could modify/customize the rhq-server.sh script to pass in some of these properties to run.sh via the -D
                    option that JBossAS supports and take out the values in the .properties file. I don't know anyone that had a need to do
                    this but I'm sure it's doable.

                     

                    This could be a viable solution actually, but is it possible to do this in such a way that the properties being passed are not visible in the process table?

                     

                    Thanks,

                    Steven

                    • 8. Re: Jopr Oracle Settings
                      Steven Bruce Newbie

                      Steven Bruce wrote:

                       

                      Worst case, you could modify/customize the rhq-server.sh script to pass in some of these properties to run.sh via the -D
                      option that JBossAS supports and take out the values in the .properties file. I don't know anyone that had a need to do
                      this but I'm sure it's doable.

                       

                      This could be a viable solution actually, but is it possible to do this in such a way that the properties being passed are not visible in the process table?

                       

                      Thanks,

                      Steven

                       

                      Okay, so I think I'm actually going to rule this option out unless anyone knows of a way to accomplish this.  As far as I can tell, I can't get the datasource to read from an environment variable, and if I pass in the information as a JVM system property, then it's visible in the process table.  If anyone else has any suggestions regarding this option, please let me know.

                       

                      So, if no one has any ideas on that one, I think I'm heading back towards the direction of utilizing some sort of LoginModule, DataSourceFactory, or Mbean that would allow me to remove the password and call an external class to retrieve it.  Does anyone know how to call a class from a datasource file?

                       

                      Thanks,

                      Steven
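
Added example (not part of any post in this thread, and not RHQ or JBoss code): a shell audit of the two exposure points discussed above, the file mode of rhq-server.properties and a `-D` password on a JVM command line. The file contents, the stand-in `sh` processes and the `RHQ_DB_PASSWORD` variable name are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: audit two places the RHQ database password can leak.
# Sample values, stand-in processes and the env var name are constructed.

PROP='rhq.server.database.password'   # property name from the thread

# 0 if only the owner has any access to the file (group/other bits all clear).
props_locked_down() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Print a process's argument vector as other local users can see it.
visible_args() {
    if [ -r "/proc/$1/cmdline" ]; then
        tr '\0' ' ' < "/proc/$1/cmdline"
    else
        ps -o args= -p "$1"
    fi
}

# 0 if the password property appears on the process's command line.
password_on_cmdline() {
    visible_args "$1" | grep -qF -e "-D$PROP="
}

# --- demo on constructed data ---
demo=$(mktemp -d)
printf '%s=CONSTRUCTED-SECRET\n' "$PROP" > "$demo/rhq-server.properties"
chmod 644 "$demo/rhq-server.properties"
props_locked_down "$demo/rhq-server.properties" || echo "properties file: readable by group/other"
chmod 600 "$demo/rhq-server.properties"
props_locked_down "$demo/rhq-server.properties" && echo "properties file: owner-only after chmod 600"

# Stand-ins for a JVM: one gets the secret as a -D argument, one via the environment.
sh -c 'sleep 2; :' jvm "-D$PROP=CONSTRUCTED-SECRET" & with_d=$!
RHQ_DB_PASSWORD=CONSTRUCTED-SECRET sh -c 'sleep 2; :' jvm & with_env=$!
sleep 1
password_on_cmdline "$with_d"   && echo "-D argument: visible in the process table"
password_on_cmdline "$with_env" || echo "environment: not on the command line"
wait
rm -rf "$demo"
```

On Linux the environment of a process is exposed through `/proc/<pid>/environ`, which is readable only by the process owner and root, whereas the argument vector is readable by every local user.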