DB password encryption

ttran · #1 13th Jan 2012, 11:07

How do I encrypt the clear text password from the server.properties file?

sql.Oracle.driver.url: jdbc:oracle:thin:@***
sql.Oracle.driver.password: *****

Isomorphic · #2 13th Jan 2012, 14:31

This is not generally a security concern, since if an attacker can read this file he has already compromised your system. However, if you're concerned about this anyway, use JNDI-based configuration instead, or use the server-side Config class to inject the credentials dynamically after loading them some other way.

ttran · #3 2nd Mar 2012, 11:50

I understand what you are saying about the issue mute once someone already gotten to the config file. But our security group will not bless my app unless the password is hashed up somehow. Can you show me how to do the later approach?

I think something like what Hibernate did with Jasypt. I got that to work. I just need to find out where I can inject the connection password.

Thannks,

Isomorphic · #4 2nd Mar 2012, 12:15

Two solutions have already been provided in post #2 above.

ttran · #5 6th Mar 2012, 06:31

yes, I need to find out what your server side config class is where I can do the injection?

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
How TO relogin with SpringSecurity 3.0	hanishi	Smart GWT Technical Q&A	47	4th Oct 2012 13:09
Browser is not prompting to save password for password type fields.	spant	Technical Q&A	3	14th Nov 2011 11:02
Remember password funtionality	akhila	Smart GWT Technical Q&A	1	23rd Feb 2010 06:49
problem in getting data source from oracle db	ram.seagreen	Smart GWT Technical Q&A	1	22nd Jan 2010 05:13
Password field showing the values in a list grid	rajadurai	Technical Q&A	2	23rd May 2007 08:23