Return-Path: Delivered-To: apmail-directory-dev-archive@www.apache.org Received: (qmail 84210 invoked from network); 11 Apr 2007 20:14:14 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 11 Apr 2007 20:14:14 -0000 Received: (qmail 23575 invoked by uid 500); 11 Apr 2007 20:14:20 -0000 Delivered-To: apmail-directory-dev-archive@directory.apache.org Received: (qmail 23393 invoked by uid 500); 11 Apr 2007 20:14:19 -0000 Mailing-List: contact dev-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Apache Directory Developers List" Delivered-To: mailing list dev@directory.apache.org Received: (qmail 23382 invoked by uid 99); 11 Apr 2007 20:14:18 -0000 Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 11 Apr 2007 13:14:18 -0700 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (herse.apache.org: domain of ole.ersoy@gmail.com designates 66.249.82.227 as permitted sender) Received: from [66.249.82.227] (HELO wx-out-0506.google.com) (66.249.82.227) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 11 Apr 2007 13:14:12 -0700 Received: by wx-out-0506.google.com with SMTP id h31so334611wxd for ; Wed, 11 Apr 2007 13:13:51 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:user-agent:mime-version:to:subject:content-type:content-transfer-encoding; b=aZ2Okbyand72q1ht+AZ/7VKENPZbvQ3LQaSi3wHyxrUHFFt/yg//hQTGD8KIcEAeAz2lAS2IYDtA/E4lzRcTtMVp03Mb6UftWDcF/HDFluKEQBgOHKrSDBQPEnZAYuiVL+hZgsiaQzKEYJNgQCONoz8c883zVdaNAPE2quAsOCY= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:user-agent:mime-version:to:subject:content-type:content-transfer-encoding; b=dGDQdBHzMTYX8Py/ynzdSW0gOXla7RZdHzan2qa06fmP4dNybhtx/i6kLyauxi/rD5+ohTEkcLQOw1R4CrAzBsxgKG/2/qaqyCHmO/s8G2X2Kyh8TKST3VIV9Yh3lHSlvVgBHDwjBx7JEgl95puVgBxHZKe/cnHnY1d65gtDNME= Received: by 10.70.129.4 with SMTP id b4mr1876405wxd.1176322428632; Wed, 11 Apr 2007 13:13:48 -0700 (PDT) Received: from ?192.168.1.24? ( [24.13.179.233]) by mx.google.com with ESMTP id 6sm740257nzn.2007.04.11.13.13.39; Wed, 11 Apr 2007 13:13:45 -0700 (PDT) Message-ID: <461D406D.4010401@gmail.com> Date: Wed, 11 Apr 2007 15:09:17 -0500 From: Ole Ersoy User-Agent: Thunderbird 1.5.0.10 (X11/20070302) MIME-Version: 1.0 To: Apache Directory Developers List Subject: [DAS] Password Encryption Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org Hey Guys, The DAS reads the JNDI connection's password form the DAS's configuration file. Right now I have the default set to "secret", in plain text. I'm thinking there should be a small utility that comes with the DAS that generates a checksum (md5, sha1) of the password that the user wants, and then the user puts that in the configuration file. After the DAS reads the configuration file, it decrypts the password and adds it to the environment map used by the connection. Ideally the property used to store the decrypted password is write only. I think java security has some stuff for that, but I gotta investigate. Sound ok? Thanks, - Ole