Which version of JBoss are you using?
I have thought about using it in the SQL that is called when a connection is created but the whole reason for using app roles is so no one knows they are being used. Make any sense?
It is possible in the -ds.xml to specify some SQL to be executed when a new connection is created, is this what you are looking for or what you are trying to avoid?
The problem is we connect to the database with one id with no privileges then switch to an app role which has all of the table privileges. I could execute a stored procedure in the
<new-connection-sql>but the fear among our security people is if someone hacks our server, decryts the connection user password then all they have to do is execute the stored procedure to gain full access to the table.
I know, this is a long stretch but our security people view it as a real threat. :-( I think it's a load of bs!
And we are on 4.0.1sp1
Moved to the security forum.
A basic understanding of security should tell you that unless you force
the user booting JBoss to enter a password or some other credential
your problem is unsolvable.
Static preconfiguration of credentials can always be hacked.
It depends who you trust with the credential.
"Security is a process, not a technology".
I could not agree more. I am just trying to satisfy people who think you can create systems that are unbreechable.