Announcement

Collapse
No announcement yet.
X
  • Filter
  • Time
Clear All
new posts

  • DB password encryption

    How do I encrypt the clear text password from the server.properties file?


    sql.Oracle.driver.url: jdbc:oracle:thin:@***
    sql.Oracle.driver.password: *****

  • #2
    This is not generally a security concern, since if an attacker can read this file he has already compromised your system. However, if you're concerned about this anyway, use JNDI-based configuration instead, or use the server-side Config class to inject the credentials dynamically after loading them some other way.

    Comment


    • #3
      I understand what you are saying about the issue mute once someone already gotten to the config file. But our security group will not bless my app unless the password is hashed up somehow. Can you show me how to do the later approach?

      I think something like what Hibernate did with Jasypt. I got that to work. I just need to find out where I can inject the connection password.

      Thannks,

      Comment


      • #4
        Two solutions have already been provided in post #2 above.

        Comment


        • #5
          yes, I need to find out what your server side config class is where I can do the injection?

          Comment

          Working...
          X