1 Reply Latest reply on Feb 7, 2004 1:49 AM by Scott Stark

    how to encode database password in descriptor mysql-ds.xml f

    cuputur Newbie

       

      "cuputur" wrote:
      I guess the question should be here:

      Dear JBOSS:

      I am using JBOSS 3.2.3 and MySql 4.0.16.

      Under the directory:
      $JBOSS_HOME/server/default/deploy, there is a file "mysql-ds.xml":

      The file has something like the following:
      ......................................................

      <local-tx-datasource>
      <jndi-name>MySqlDS</jndi-name>
      <connection-url>jdbc:mysql://localhost:3306/authority</connection-url>
      <driver-class>org.gjt.mm.mysql.Driver</driver-class>
      <user-name>test</user-name>
      test123
      </local-tx-datasource>

      ..................................................................


      Since the database user-name("test") and password("test123") are plain texts, these are big security flaws. Anybody who can read this
      file can use this user-name and password to do anything with the database.

      How can we encode the password so that even people can read this file, but can't get the original password?

      Could somebody provide a sample configuration file "mysql-ds.xml" and related files?

      Thanks a million,

      Jerry