cocoon-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Derek Hohls" <DHo...@csir.co.za>
Subject Cocoon 1: Properties: Database Settings
Date Wed, 29 Aug 2001 13:58:59 GMT
In the Cocoon 1properties file there is a setting:

# processor.xsp.pool.database.default.driver=oracle.jdbc.driver.OracleDriver
# processor.xsp.pool.database.default.url=jdbc:oracle:thin:@localhost:
# processor.xsp.pool.database.default.username=dbUser
# processor.xsp.pool.database.default.password=dbPass

Is it possible to add other "non default" databases - if so, how, and then how would these
be referenced by ESQL; would one use:

<esql:pool>my_connection</esql:pool>

Thanks
Derek.

>>> chris.newland@emorphia.com 29/08/2001 03:18:08 >>>
Hi Derek,

I didn't get as far as ESQL when I used to use Cocoon 1 but I'm almost
certain that it supports connection pooling. I think there is an option in
cocoon.properties but I'd recommend you check the Cocoon 1 FAQ and the
mailing list archive.

Regards,

Chris

-----Original Message-----
From: Derek Hohls [mailto:DHohls@csir.co.za]
Sent: 29 August 2001 14:08
To: cocoon-users@xml.apache.org
Subject: RE: DB-password clear text - what alternatives?


Chris

Thanks - the code is very clear... just one small problem : I am still using
Cocoon 1.8 (and am likely to for a while, for various reasons) - would this
also work in that version?

Derek

>>> chris.newland@emorphia.com 29/08/2001 10:55:23 >>>
Hi Derek,

The cocoon.xconf file is the main cocoon 2 configuration file and it is
located in the <cocoon>/webapp directory.

I use connection pooling to access my database and I describe the connection
in my cocoon.xconf file:

<datasources>
    <jdbc name="my_connection">
        <dburl>jdbc:mysql://localhost:3306/my_database_name</dburl>
        <user>my_db_user</user>
        <password>not_telling_you</password>
    </jdbc>
</datasources>

Then in each XSP page that accesses the database I do not need to put my
database name or password into the page, I just specify the connection that
is described in cocoon.xconf:

<esql:connection>
    <esql:pool>my_connection</esql:pool>
        <esql:execute-query>
            <esql:query>
                blah blah blah ....

'localhost' is an alias for the IP address 127.0.0.1 which refers to the
local machine. i.e. the database server is on the same machine as cocoon 2.

Hope this helps,

Best Regards,

Chris


-----Original Message-----
From: Derek Hohls [mailto:DHohls@csir.co.za]
Sent: 29 August 2001 07:21
To: cocoon-users@xml.apache.org
Subject: DB-password clear text - what alternatives?


Please expand on the hints below... there are few areas that are not clear
to me yet - at the moment all my passwords are stored in the xml file that
makes the calls to the db  e.g.

  String DBPass = "password";
...
  <esql:password><xsp:expr>DBPass</xsp:expr></esql:password>

and I am worried that as the xml file is readable (normally, indirectly, but
there are no guarantees here), that someone could find a way of displaying
its contents.

What is a ' localhost loopback' and what/where is the 'cocoon.xconf' and how
would you use either/both to replace the above system?  Please include code
snippets if at all possible...

Thanks
Derek

>>> Martin.Man@seznam.cz 28/08/2001 10:38:55 >>>
On Tue, Aug 28, 2001 at 11:21:45AM +0200, Enke Michael wrote:
> Hi!
> Is there a possibility or would it be
> easy to implement to have the DB password
> encrypted in some kind (in *.xsp or cocoon.xconf)?
as long as the direct JDBC connection requires plaintext passwords (and yes
all existing JDBC driver implementations require plaintext) it's absolutely
useless to add encryption to another layer.

anyway passwords are stored in a file on the server and JDBC connection is
usually made via localhost loopback, therefore password sniffing is almost
impossible and cocoon.xconf or whichever file the password actually contains
is not readable by ordinary users via web...


> This doesn't mean a state of the art
> encryption (too complicated!?), but only
> that not everybody can have direct access
> to the database.
don't get this, if there is a password that only admin knows, then
anyone who does not know it does not have the access to
the database or am I wrong ???


>
> Regards,
> Michael
>

rgds,
martin
--
----------------------------------------------------------------------------
---
"Only dead fish swims with a stream"                         Malcolm
Muggeridge
gpg_key_available: http://globales.cz/~mman/martin.man.gpg
gpg_key_fingerprint: 2CC0 4AF6 92DA 5CBF 5F09  7BCB 6202 7024 6E06 0223

---------------------------------------------------------------------
Please check that your question has not already been answered in the
FAQ before posting. <http://xml.apache.org/cocoon/faqs.html>

To unsubscribe, e-mail: <cocoon-users-unsubscribe@xml.apache.org>
For additional commands, e-mail: <cocoon-users-help@xml.apache.org>



---------------------------------------------------------------------
Please check that your question has not already been answered in the
FAQ before posting. <http://xml.apache.org/cocoon/faqs.html>

To unsubscribe, e-mail: <cocoon-users-unsubscribe@xml.apache.org>
For additional commands, e-mail: <cocoon-users-help@xml.apache.org>



---------------------------------------------------------------------
Please check that your question has not already been answered in the
FAQ before posting. <http://xml.apache.org/cocoon/faqs.html>

To unsubscribe, e-mail: <cocoon-users-unsubscribe@xml.apache.org>
For additional commands, e-mail: <cocoon-users-help@xml.apache.org>

Mime
View raw message