Mailing-List: contact user-help@cayenne.apache.org; run by ezmlm
Precedence: bulk
Reply-To: user@cayenne.apache.org
From: Andrus Adamchik <andrus@objectstyle.org>
Content-Type: text/plain;
	charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 11.2 \(3445.5.20\))
Subject: Re: Redacting db user name and password from XML
Date: Mon, 18 Dec 2017 19:49:04 +0300
References: <6b2d9aa1-7efc-1b02-48a3-9ec40c5108cc@gmail.com>
To: user@cayenne.apache.org
In-Reply-To: <6b2d9aa1-7efc-1b02-48a3-9ec40c5108cc@gmail.com>
Message-Id: <855C0FAF-8633-4A44-9B24-2438D4BF8D87@objectstyle.org>
archived-at: Mon, 18 Dec 2017 16:49:10 -0000

Hi Mark,

We've done quite a bit of work in Cayenne to avoid complex things like =
PasswordEncoding or custom DataSourceFactories. If all that is needed is =
to change / define login credentials, the simplest way is via properties =
[1]. [2] shows an example with a single DataNode. If you have more than =
one, you will need to add the project name and the DataNode name to the =
base property name. E.g.:

export MY_USER=3Duser
export MY_PASSWORD=3Dsecret

java -Dcayenne.jdbc.username.project.mynode=3D$MY_USER \
     -Dcayenne.jdbc.password.project.mynode=3D$MY_PASSWORD \
     -jar myapp.jar=20


Hope this helps,
Andrus

[1] =
http://cayenne.apache.org/docs/4.0/cayenne-guide/configuration-properties.=
html
[2] =
https://stackoverflow.com/questions/45781378/best-practice-to-manage-apach=
e-cayenne-project-xml-file


> On Dec 17, 2017, at 4:23 AM, Mark Hull <mark.mkgnao@gmail.com> wrote:
>=20
> I apologize if this question has been asked and answered before but: =
What is the best-practices solution to redact the database user name and =
password from an XML file created and used by Cayenne Modeler? The =
ServerRuntime build statement is simply:
>=20
> cayenneRuntime =3D ServerRuntime.builder()
> .addConfig("com/hulles/a1icia/cayenne/cayenne-a1icia.xml")
>             .build();
>=20
> It works just fine as long as the db user name and password are in the =
XML file, but I don't believe in leaving clear-text artifacts like that =
laying around in the code, so I want to add the user and password data =
at runtime from a Java method (not from an external file or an =
'executable', whatever that means in the content of PasswordEncoding). =
Adding .user("xyz") and .password("zyx") to the build statement don't =
work, presumably because the DataNode is not the default and those =
statements just set their respective fields for the default DataNode.
>=20
> If I have to, I can create either a Module to change those properties =
somehow at runtime (though the documentation for doing so is, to be =
kind, sparse), somehow implement the PasswordEncoding (even less =
documentation, because I don't know where it's used), or just edit the =
XML at runtime (horrible choice but looking like the best of a bad lot =
at this point).
>=20
> All this seems like a lot of effort when I imagine this need must crop =
up fairly often among Cayenne users (it should, for security reasons =
IMO). Is there a simple standard way to do what I want? Or at least a =
standard way? I don't want to invent a new wheel here. I feel like I'm =
missing something obvious that everyone else knows about and that I just =
missed. Oh, by the way, whatever the solution is should still allow =
Cayenne Modeler to function normally.
>=20
> I promise I searched for the answer everywhere I could think of. =
StackOverflow had a couple answers that used deprecated methods and =
didn't work when I tried them.
>=20
> Thanks in advance for any help. I hope there's a really simple answer =
so I feel stupid but don't have to spend any more time on this than I =
have already. :)
>=20
> - Mark Hull
>=20
> /People say nothing is impossible, but I do nothing every day. - A. A. =
Milne/