cayenne-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael Gentry <blackn...@gmail.com>
Subject Re: Redacting db user name and password from XML
Date Tue, 19 Dec 2017 01:27:54 GMT
A disadvantage of this approach, though, is it puts the username/password
on the command-line and/or the process list, plus potentially exposes it in
command-line history, too.

mrg


On Mon, Dec 18, 2017 at 11:49 AM, Andrus Adamchik <andrus@objectstyle.org>
wrote:

> Hi Mark,
>
> We've done quite a bit of work in Cayenne to avoid complex things like
> PasswordEncoding or custom DataSourceFactories. If all that is needed is to
> change / define login credentials, the simplest way is via properties [1].
> [2] shows an example with a single DataNode. If you have more than one, you
> will need to add the project name and the DataNode name to the base
> property name. E.g.:
>
> export MY_USER=user
> export MY_PASSWORD=secret
>
> java -Dcayenne.jdbc.username.project.mynode=$MY_USER \
>      -Dcayenne.jdbc.password.project.mynode=$MY_PASSWORD \
>      -jar myapp.jar
>
>
> Hope this helps,
> Andrus
>
> [1] http://cayenne.apache.org/docs/4.0/cayenne-guide/
> configuration-properties.html
> [2] https://stackoverflow.com/questions/45781378/best-
> practice-to-manage-apache-cayenne-project-xml-file
>
>
>
> > On Dec 17, 2017, at 4:23 AM, Mark Hull <mark.mkgnao@gmail.com> wrote:
> >
> > I apologize if this question has been asked and answered before but:
> What is the best-practices solution to redact the database user name and
> password from an XML file created and used by Cayenne Modeler? The
> ServerRuntime build statement is simply:
> >
> > cayenneRuntime = ServerRuntime.builder()
> > .addConfig("com/hulles/a1icia/cayenne/cayenne-a1icia.xml")
> >             .build();
> >
> > It works just fine as long as the db user name and password are in the
> XML file, but I don't believe in leaving clear-text artifacts like that
> laying around in the code, so I want to add the user and password data at
> runtime from a Java method (not from an external file or an 'executable',
> whatever that means in the content of PasswordEncoding). Adding
> .user("xyz") and .password("zyx") to the build statement don't work,
> presumably because the DataNode is not the default and those statements
> just set their respective fields for the default DataNode.
> >
> > If I have to, I can create either a Module to change those properties
> somehow at runtime (though the documentation for doing so is, to be kind,
> sparse), somehow implement the PasswordEncoding (even less documentation,
> because I don't know where it's used), or just edit the XML at runtime
> (horrible choice but looking like the best of a bad lot at this point).
> >
> > All this seems like a lot of effort when I imagine this need must crop
> up fairly often among Cayenne users (it should, for security reasons IMO).
> Is there a simple standard way to do what I want? Or at least a standard
> way? I don't want to invent a new wheel here. I feel like I'm missing
> something obvious that everyone else knows about and that I just missed.
> Oh, by the way, whatever the solution is should still allow Cayenne Modeler
> to function normally.
> >
> > I promise I searched for the answer everywhere I could think of.
> StackOverflow had a couple answers that used deprecated methods and didn't
> work when I tried them.
> >
> > Thanks in advance for any help. I hope there's a really simple answer so
> I feel stupid but don't have to spend any more time on this than I have
> already. :)
> >
> > - Mark Hull
> >
> > /People say nothing is impossible, but I do nothing every day. - A. A.
> Milne/
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message