cayenne-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Hull <mark.mkg...@gmail.com>
Subject Redacting db user name and password from XML
Date Sun, 17 Dec 2017 01:23:12 GMT
I apologize if this question has been asked and answered before but: 
What is the best-practices solution to redact the database user name and 
password from an XML file created and used by Cayenne Modeler? The 
ServerRuntime build statement is simply:

cayenneRuntime = ServerRuntime.builder()
.addConfig("com/hulles/a1icia/cayenne/cayenne-a1icia.xml")
             .build();

It works just fine as long as the db user name and password are in the 
XML file, but I don't believe in leaving clear-text artifacts like that 
laying around in the code, so I want to add the user and password data 
at runtime from a Java method (not from an external file or an 
'executable', whatever that means in the content of PasswordEncoding). 
Adding .user("xyz") and .password("zyx") to the build statement don't 
work, presumably because the DataNode is not the default and those 
statements just set their respective fields for the default DataNode.

If I have to, I can create either a Module to change those properties 
somehow at runtime (though the documentation for doing so is, to be 
kind, sparse), somehow implement the PasswordEncoding (even less 
documentation, because I don't know where it's used), or just edit the 
XML at runtime (horrible choice but looking like the best of a bad lot 
at this point).

All this seems like a lot of effort when I imagine this need must crop 
up fairly often among Cayenne users (it should, for security reasons 
IMO). Is there a simple standard way to do what I want? Or at least a 
standard way? I don't want to invent a new wheel here. I feel like I'm 
missing something obvious that everyone else knows about and that I just 
missed. Oh, by the way, whatever the solution is should still allow 
Cayenne Modeler to function normally.

I promise I searched for the answer everywhere I could think of. 
StackOverflow had a couple answers that used deprecated methods and 
didn't work when I tried them.

Thanks in advance for any help. I hope there's a really simple answer so 
I feel stupid but don't have to spend any more time on this than I have 
already. :)

- Mark Hull

/People say nothing is impossible, but I do nothing every day. - A. A. 
Milne/

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message