ibatis-user-java mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Chris O'Connell" <oconn...@gorillachicago.com>
Subject Re: Sql Map file
Date Tue, 21 Apr 2009 15:00:05 GMT
I would suggest the appserver route.  In at least the version of weblogic
that I am using, the password is saved to the file system, but it is
encrypted in the config file.  If that isn't possible, just encrypt the
password yourself and put some decryption code in an extension of the
On Tue, Apr 21, 2009 at 9:49 AM, Alex Sherwin

> Not sure about doing it programatically, but it's going to end up being
> cleartext (or close to it) somewhere...
> For example when you use a connection pool in an app server, the
> user/password ends up being plain text in your domains configuration file...
>  I believe most people focus on securing the deployment so that the files
> cannot be read by users without proper permissions
> Jhaver, Rishi wrote:
>> Hi
>>  I'm new to Ibatis and was wondering if anyone's faced this issue before.
>> Couldn't find a solution on the website FAQs.
>>  I have the following in my sqlmapconfig file.
>>    <transactionManager type="JDBC" commitRequired="false">
>>    <dataSource type="SIMPLE">
>>      <property name="JDBC.Driver"
>> value="oracle.jdbc.driver.OracleDriver"/>
>>      <property name="JDBC.ConnectionURL" value="jdbc:oracle:thin:@XXX1
>> :9999:XXX1"/>
>>      <property name="JDBC.Username" value="XXX"/>
>>      <property name="JDBC.Password" value="XXX"/>
>>    </dataSource>
>>  </transactionManager>
>> I dont want the user name and password to be exposed as clear text in a
>> config file.
>> Is there a way to hide this information, maybe by passing the information
>> programmatically or using another way.
>> My main concern is to not keep the user credentials in clear text in a
>> config file.
>>   Thanks
>> Rishi...

Chris O'Connell
Application Developer
312.243.8777 x19

View raw message