cayenne-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Hull <mark.mkg...@gmail.com>
Subject Re: Redacting db user name and password from XML
Date Mon, 18 Dec 2017 14:48:38 GMT
Thanks lots for responding. The application, or at least this part of 
the application, is a classic, plain old Java desktop application. I've 
used JNDI in the past with Tomcat as you say, and in ancient times I 
used raw JNDI and MySQL with a desktop application like the one I 
working on now. However, using JNDI here without a container like Tomcat 
would be non-trivial to implement, and I really want trivial. Raw JNDI 
gives me a migraine, and I don't think it's the right solution here. I 
just like so much that I can code a few lines, use the Cayenne Modeler 
to re-engineer my database, and I'm good to go -- except for the XML 
file, of course.

So yes, if you could guide me toward a different solution that would be 
wonderful.

If you're curious about the application, you can find it (in a very raw 
state, I'm in the process of moving things up to GitHub) at 
https://github.com/markhull/A1icia. A1iciaCayenne 
<https://github.com/markhull/A1icia/tree/master/A1icia%20Cayenne/src/com/hulles/a1icia/cayenne>

is the module that happily feeds MySQL data objects to the rest of the 
application; it's packaged as a quasi-standalone JAR file, which is one 
of the reasons I don't want to add a lot of overhead to that part of the 
application. It also contains the XML file with the test database user 
name and password in it; I got tired of X'ing it out for each commit so 
I'll just change it later. :)

Thank you again,

Mark Hull


On 12/18/2017 06:51 AM, Michael Gentry wrote:
> Hi Mark,
>
> What type of application are you developing?  For web applications, which
> I'd imagine are the most common cases, using a JNDI DataSource is the way
> to go.  Your container (Tomcat, Jetty, etc) will provide database
> connection services to Cayenne through a JNDI lookup.  If you aren't
> developing a web application, we can guide you toward a different solution.
>
> Thanks,
>
> mrg
>
>
> On Sat, Dec 16, 2017 at 8:23 PM, Mark Hull <mark.mkgnao@gmail.com> wrote:
>
>> I apologize if this question has been asked and answered before but: What
>> is the best-practices solution to redact the database user name and
>> password from an XML file created and used by Cayenne Modeler? The
>> ServerRuntime build statement is simply:
>>
>> cayenneRuntime = ServerRuntime.builder()
>> .addConfig("com/hulles/a1icia/cayenne/cayenne-a1icia.xml")
>>              .build();
>>
>> It works just fine as long as the db user name and password are in the XML
>> file, but I don't believe in leaving clear-text artifacts like that laying
>> around in the code, so I want to add the user and password data at runtime
>> from a Java method (not from an external file or an 'executable', whatever
>> that means in the content of PasswordEncoding). Adding .user("xyz") and
>> .password("zyx") to the build statement don't work, presumably because the
>> DataNode is not the default and those statements just set their respective
>> fields for the default DataNode.
>>
>> If I have to, I can create either a Module to change those properties
>> somehow at runtime (though the documentation for doing so is, to be kind,
>> sparse), somehow implement the PasswordEncoding (even less documentation,
>> because I don't know where it's used), or just edit the XML at runtime
>> (horrible choice but looking like the best of a bad lot at this point).
>>
>> All this seems like a lot of effort when I imagine this need must crop up
>> fairly often among Cayenne users (it should, for security reasons IMO). Is
>> there a simple standard way to do what I want? Or at least a standard way?
>> I don't want to invent a new wheel here. I feel like I'm missing something
>> obvious that everyone else knows about and that I just missed. Oh, by the
>> way, whatever the solution is should still allow Cayenne Modeler to
>> function normally.
>>
>> I promise I searched for the answer everywhere I could think of.
>> StackOverflow had a couple answers that used deprecated methods and didn't
>> work when I tried them.
>>
>> Thanks in advance for any help. I hope there's a really simple answer so I
>> feel stupid but don't have to spend any more time on this than I have
>> already. :)
>>
>> - Mark Hull
>>
>> /People say nothing is impossible, but I do nothing every day. - A. A.
>> Milne/
>>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message