ibatis-user-java mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jhaver, Rishi" <RJha...@wheels.com>
Subject Oracle connection objects
Date Wed, 22 Apr 2009 19:28:46 GMT
Thanks for all the responses.
If I'm looking to create a connection object from within the java code, 
- how do I create such a connection object from my code (that will work
with IBATIS). Do I need to use java.sql.Connection ? or something else ?
- can I use this object along with user name and pwd credentials to
connect to an oracle db.


From: Chris O'Connell [mailto:oconnell@gorillachicago.com] 
Sent: Tuesday, April 21, 2009 10:00 AM
To: user-java@ibatis.apache.org
Subject: Re: Sql Map file

I would suggest the appserver route.  In at least the version of
weblogic that I am using, the password is saved to the file system, but
it is encrypted in the config file.  If that isn't possible, just
encrypt the password yourself and put some decryption code in an
extension of the datasource. 

On Tue, Apr 21, 2009 at 9:49 AM, Alex Sherwin
<alex.sherwin@acadiasoft.com> wrote:

	Not sure about doing it programatically, but it's going to end
up being cleartext (or close to it) somewhere...
	For example when you use a connection pool in an app server, the
user/password ends up being plain text in your domains configuration
file...  I believe most people focus on securing the deployment so that
the files cannot be read by users without proper permissions 

	Jhaver, Rishi wrote:

		 I'm new to Ibatis and was wondering if anyone's faced
this issue before.
		Couldn't find a solution on the website FAQs.
		 I have the following in my sqlmapconfig file.
		   <transactionManager type="JDBC"
		   <dataSource type="SIMPLE">
		     <property name="JDBC.Driver"
		     <property name="JDBC.ConnectionURL"
		     <property name="JDBC.Username" value="XXX"/>
		     <property name="JDBC.Password" value="XXX"/>
		I dont want the user name and password to be exposed as
clear text in a config file.
		Is there a way to hide this information, maybe by
passing the information programmatically or using another way.
		My main concern is to not keep the user credentials in
clear text in a config file.

Chris O'Connell
Application Developer
312.243.8777 x19

View raw message