cocoon-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stu Baurmann <>
Subject Securing JDBC credentials that are stored in cocoon.xconf
Date Wed, 20 Feb 2008 22:38:52 GMT

Howdy folks,

We are currently using Cocoon 2.1.10, and we have numerous cocoon
installations that use JDBC.  
We love the convenience of embedding a block like this into our cocoon.xconf
to set up a connection:

	<jdbc name="sqlConn">

BUT, using this approach means our SQL login information is stored
unencrypted in a text file on the server.
Of course, if we move the user/password to some encrypted storage location,
we are still going to
have to make a decryption key available to the software, but we might be
able to hide that key somewhat
better than this block.  (Place it in a compiled java class, for example. 
If you have a better idea,
I'd love to hear it).  

Has anyone else tried to create a SecurelyConfiguredDatasource, or have some
suggestions on how
I could most easily build one?  

I'm guessing the implementation might have to change a lot for Cocoon 2.2,
so perhaps I'm better off
waiting and solving the problem against that codeline?  

View this message in context:
Sent from the Cocoon - Users mailing list archive at

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message