continuum-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jan Ancajas" <jansqua...@gmail.com>
Subject Securing DataSource password
Date Fri, 07 Nov 2008 02:18:38 GMT
Hi,

Experimented a bit on my local copy about obfuscating password in
jetty-env.xml.  I created an adapter for the DataSource  and created
another field for the obfuscated password. During the setting of the
obfuscated password it will then invoke  "setPassword" method from
vendor specific DataSource through reflection. I use the obfuscation
from jetty [1]

Original Entry :

<New id="continuum" class="org.mortbay.jetty.plus.naming.Resource">
  <Arg>jdbc/continuum</Arg>
  <Arg>
    <New class="com.mysql.jdbc.jdbc2.optional.MysqlConnectionPoolDataSource">
      <Set name="serverName">localhost</Set>
      <Set name="databaseName">maestro_continuum</Set>
      <Set name="user">root</Set>
      <Set name="password">admin123</Set>
    </New>
  </Arg>
</New>


Modified Entry :

<New id="continuum" class="org.mortbay.jetty.plus.naming.Resource">
  <Arg>jdbc/continuum</Arg>
  <Arg>
    <New class="org.apache.maven.continuum.utils.SecuredDataSourceAdapter">
      <Set name="dataSource">
        <New class="com.mysql.jdbc.jdbc2.optional.MysqlConnectionPoolDataSource">
        <Set name="serverName">localhost</Set>
        <Set name="databaseName">maestro_continuum</Set>
        <Set name="user">root</Set>
        <!--Set name="password">admin123</Set-->
      </New>

      </Set>
      <Set name="password">OBF:1igd1iup1kfv1vne1vno1kcj1irx1idt</Set>
    </New>
</New>


Any comments on these approach ?

Thanks.

[1]http://docs.codehaus.org/display/JETTY/Securing+Passwords

Mime
View raw message