Thanks for your information.
Using the proposed method, the database password can be encrypted and not readable in the config file. However, by using JNDI lookup for the datasource, then call getConnection using the return datasource, a connection will be created to access the database even though the password is unknown. Is this correct?
Is it possible to specify connection information in say jbosscmp-jdbc.xml?
They can only do that if they can deploy it in the relevant security domain (I believe).
Bottom line is they can use a command line SQL tool to access the database. Sounds like the security you need belongs in the database too.
Also if they have access to the deployment descriptors, they can just change the method-permission.
Sounds like you need to restrict access to the production server and have the application deployer be a trusted member of staff.
I'm interested to see what outcome you have.
Actually, i am new to J2EE Application server and just develop a simple application. What i am thinking is:
In the development environment, jmx-console is not protected and each programmer can use the JNDIViewer to obtain the JNDI name defined for the datasource. Afterward, a simple JSP may be developed and then deployed (thru formal procedure since the boss do not know what the JSP is all about) to production server. If production environment is the same as testing (respect to JNDI naming), the JSP can be used to access restricted information.
On the other hand, deployment descriptor for production server may not be so easily accessible.
1) The jmx-console web app should be secured like any other web app
I'll think about other things later.