2 Replies Latest reply on Sep 2, 2011 10:41 AM by Randall Hauch

    Modeshape configuration file and passwords

    sjahan Newbie

      Hi,

       

      I would like to know if i have to store the passwords for my connectors in clear text in the configuration file.

      Is there a way to read it from another place, or to get this encrypted or something?

       

      Thank you very much,

       

      SJ.

        • 1. Re: Modeshape configuration file and passwords
          Danny C Newbie

                For JpaSource connector I am storing username & password in App Server using dataSourceJndiName. For Repository user authentication & authorization, I am storing user credential in App Server using Jaas realm, by using FileRealm, the password is in Hash form. But one can implement custom realm to secure the credential in any form or datasource. 

          • 2. Re: Modeshape configuration file and passwords
            Randall Hauch Master

            When deployed within an app server and using JPA, using the app server to manage your data sources is absolutely the best way to do that.

             

            Outside of the app server, however, you can leave the passwords out of the configuration file, use the JcrConfiguration class to load the configuration file and set the value(s) programmatically, and then start the engine. This approach allows you to get the password from any system (e.g., a keystore, encrypted file, etc.).