ibatis-user-java mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alex Sherwin <alex.sher...@acadiasoft.com>
Subject Re: Sql Map file
Date Tue, 21 Apr 2009 14:49:53 GMT
Not sure about doing it programatically, but it's going to end up being 
cleartext (or close to it) somewhere...

For example when you use a connection pool in an app server, the 
user/password ends up being plain text in your domains configuration 
file...  I believe most people focus on securing the deployment so that 
the files cannot be read by users without proper permissions

Jhaver, Rishi wrote:
> Hi
> I'm new to Ibatis and was wondering if anyone's faced this issue before.
> Couldn't find a solution on the website FAQs.
> I have the following in my sqlmapconfig file.
>   <transactionManager type="JDBC" commitRequired="false">
>     <dataSource type="SIMPLE">
>       <property name="JDBC.Driver" 
> value="oracle.jdbc.driver.OracleDriver"/>
>       <property name="JDBC.ConnectionURL" 
> value="jdbc:oracle:thin:@XXX1:9999:XXX1"/>
>       <property name="JDBC.Username" value="XXX"/>
>       <property name="JDBC.Password" value="XXX"/>
>     </dataSource>
>   </transactionManager>
> I dont want the user name and password to be exposed as clear text in 
> a config file.
> Is there a way to hide this information, maybe by passing the 
> information programmatically or using another way.
> My main concern is to not keep the user credentials in clear text in a 
> config file.
> Thanks
> Rishi...

View raw message