2 Replies Latest reply on Apr 26, 2007 1:53 PM by cchee

Using encrypted passwords in datasource config files directl

mskonda Apr 4, 2007 9:03 AM

I am wondeirng if there's any alternative to encrypt datasource passwords?

I have followed http://wiki.jboss.org/wiki/Wiki.jsp?page=EncryptingDataSourcePasswords the link. However, my requirement is slightly variant.

My requirement is to create the *-ds.xml with encrypted password quoted in the file itself.

For example, the user-name and encrypted password are provided in the following config:

<datasources>
 <local-tx-datasource>
 ....
 <user-name>myUser</user-name>
 <password>my-encrypted-password</password>
 ...
 </local-tx-datasource>
</datasources>

I expect JBoss to read the encrypted password, decrypt it and then create the Datasource. BUT is this possible???

So, can we provide an encrypted password in the *-ds.xml file itself so it can be decrypted?

Any pointers much appreciated

Thanks
/Madhu

1. Re: Using encrypted passwords in datasource config files dir

fhh Apr 5, 2007 5:38 AM (in response to mskonda)

I expect JBoss to read the encrypted password, decrypt it and then create the Datasource.

The application server has to obtain the password to decrypt the actual datasource password from somewhere. That is what the wiki page is all about.

Regards

Felix
Actions
2. Re: Using encrypted passwords in datasource config files dir

cchee Apr 26, 2007 1:53 PM (in response to mskonda)

Or you can take the user type password and ran it through one way encryption (e.g. md5) and compare that hash with what is stored in the database. It is probably safer. One caveat: If your user forgot their password, the password has to be reset and then send to them. After they got in, they can still change the password to something they can remember.
Actions

Go to original post