2 Replies Latest reply on Sep 2, 2011 10:41 AM by rhauch

    Modeshape configuration file and passwords

    sjahan

      Hi,

       

      I would like to know if i have to store the passwords for my connectors in clear text in the configuration file.

      Is there a way to read it from another place, or to get this encrypted or something?

       

      Thank you very much,

       

      SJ.

        • 1. Re: Modeshape configuration file and passwords
          penkween

                For JpaSource connector I am storing username & password in App Server using dataSourceJndiName. For Repository user authentication & authorization, I am storing user credential in App Server using Jaas realm, by using FileRealm, the password is in Hash form. But one can implement custom realm to secure the credential in any form or datasource. 

          • 2. Re: Modeshape configuration file and passwords
            rhauch

            When deployed within an app server and using JPA, using the app server to manage your data sources is absolutely the best way to do that.

             

            Outside of the app server, however, you can leave the passwords out of the configuration file, use the JcrConfiguration class to load the configuration file and set the value(s) programmatically, and then start the engine. This approach allows you to get the password from any system (e.g., a keystore, encrypted file, etc.).