Return-Path: 
 <user-java-return-16675-apmail-ibatis-user-java-archive=ibatis.apache.org@ibatis.apache.org>
Delivered-To: apmail-ibatis-user-java-archive@www.apache.org
Received: (qmail 50484 invoked from network); 21 Apr 2009 14:51:13 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3)
  by minotaur.apache.org with SMTP; 21 Apr 2009 14:51:13 -0000
Received: (qmail 82322 invoked by uid 500); 21 Apr 2009 14:51:11 -0000
Delivered-To: apmail-ibatis-user-java-archive@ibatis.apache.org
Received: (qmail 82298 invoked by uid 500); 21 Apr 2009 14:51:11 -0000
Mailing-List: contact user-java-help@ibatis.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:user-java-help@ibatis.apache.org>
List-Unsubscribe: <mailto:user-java-unsubscribe@ibatis.apache.org>
List-Post: <mailto:user-java@ibatis.apache.org>
List-Id: <user-java.ibatis.apache.org>
Reply-To: user-java@ibatis.apache.org
Delivered-To: mailing list user-java@ibatis.apache.org
Received: (qmail 82290 invoked by uid 99); 21 Apr 2009 14:51:11 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 21 Apr 2009 14:51:11 +0000
X-ASF-Spam-Status: No, hits=2.2 required=10.0
	tests=HTML_MESSAGE,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (nike.apache.org: domain of brandon.goodin@gmail.com
 designates 209.85.220.175 as permitted sender)
Received: from [209.85.220.175] (HELO mail-fx0-f175.google.com)
 (209.85.220.175)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 21 Apr 2009 14:51:03 +0000
Received: by fxm23 with SMTP id 23so2739785fxm.0
        for <user-java@ibatis.apache.org>;
 Tue, 21 Apr 2009 07:50:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:mime-version:received:in-reply-to:references
         :date:message-id:subject:from:to:content-type;
        bh=R5MVQ5Pwtt/o+C81AkRYFG6Fz1KxxzLOg035UHrKOFk=;
        b=S0zQ8oYjP2LoCIw/xI2CiMB3dCe1ycpYjNP0pHPxY/IpJ9jsSR+IK7A8lsKQQ3hiWv
         lvhTb4jrIKDxNKDWLlkiWOqONbj/49BO28esfvc2/PExuVGVEexpWdjFpyZMfE5MFkCo
         eZk3tfczDiZj0CIB2J2Yp+mMzoNxcqqAR741w=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :content-type;
        b=i8SK3A++9vw8OfeEcXeDEH1NLVnZthZh6NP5Ri8kdxS8YdIfOOzpSwfAQPf2NlkkHN
         NeJKxbm+kXHm9PitGu6gYJAtlwTr803/eFnDmfX/h2puxQtBV3YxuJdTi5CcDVU65jrI
         sxoGNKpWfPV0IM0yADuf/9XIAYVw9jHP9VeN0=
MIME-Version: 1.0
Received: by 10.223.103.133 with SMTP id k5mr2112314fao.23.1240325443549;
 Tue,
	21 Apr 2009 07:50:43 -0700 (PDT)
In-Reply-To: 
 <A10D083E1A10134BB76C536004A3616403734EA0@whqums.corp.gns.wheels.com>
References: 
 <A10D083E1A10134BB76C536004A3616403734EA0@whqums.corp.gns.wheels.com>
Date: Tue, 21 Apr 2009 09:50:43 -0500
Message-ID: <2fe5ef5b0904210750w64685c38p99d5a57413ac961f@mail.gmail.com>
Subject: Re: Sql Map file
From: Brandon Goodin <brandon.goodin@gmail.com>
To: user-java@ibatis.apache.org
Content-Type: multipart/alternative; boundary=001636c5a75877fa05046811c5e5
X-Virus-Checked: Checked by ClamAV on apache.org

--001636c5a75877fa05046811c5e5
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

You could use JNDI, or can extends the simple datasource and add your own
hashing. I'm not sure why you are that concerned about the password being in
there. If someone gets access to your WEB-INF folder and you don't want them
in there... you have bigger issues my friend. :)

Brandon


On Tue, Apr 21, 2009 at 9:42 AM, Jhaver, Rishi <RJhaver@wheels.com> wrote:

>  Hi
>
> I'm new to Ibatis and was wondering if anyone's faced this issue before.
> Couldn't find a solution on the website FAQs.
>
> I have the following in my sqlmapconfig file.
>
>   <transactionManager type="JDBC" commitRequired="false">
>     <dataSource type="SIMPLE">
>       <property name="JDBC.Driver"
> value="oracle.jdbc.driver.OracleDriver"/>
>       <property name="JDBC.ConnectionURL" value="jdbc:oracle:thin:@XXX1:
> 9999:XXX1"/>
>       <property name="JDBC.Username" value="XXX"/>
>       <property name="JDBC.Password" value="XXX"/>
>     </dataSource>
>   </transactionManager>
>  I dont want the user name and password to be exposed as clear text in a
> config file.
> Is there a way to hide this information, maybe by passing the information
> programmatically or using another way.
> My main concern is to not keep the user credentials in clear text in a
> config file.
>
>
> Thanks
> Rishi...
>
>

--001636c5a75877fa05046811c5e5
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

You could use JNDI, or can extends the simple datasource and add your own h=
ashing. I&#39;m not sure why you are that concerned about the password bein=
g in there. If someone gets access to your WEB-INF folder and you don&#39;t=
 want them in there... you have bigger issues my friend. :)<br>
<div><br clear=3D"all">Brandon<br>
<br><br><div class=3D"gmail_quote">On Tue, Apr 21, 2009 at 9:42 AM, Jhaver,=
 Rishi <span dir=3D"ltr">&lt;<a href=3D"mailto:RJhaver@wheels.com">RJhaver@=
wheels.com</a>&gt;</span> wrote:<br><blockquote class=3D"gmail_quote" style=
=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">




<div>
<div><span><font face=3D"Arial" size=3D"2">Hi</font></span></div>
<div><span><font face=3D"Arial" size=3D"2"></font></span>=A0</div>
<div><span><font face=3D"Arial" size=3D"2">I&#39;m new to Ibatis=20
and was wondering if anyone&#39;s faced this issue before.</font></span></d=
iv>
<div><span><font face=3D"Arial" size=3D"2">Couldn&#39;t find a=20
solution on the website FAQs.</font></span></div>
<div><span><font face=3D"Arial" size=3D"2"></font></span>=A0</div>
<div><span><font face=3D"Arial" size=3D"2">I have the following=20
in my sqlmapconfig file.</font></span></div>
<div><font face=3D"Arial" size=3D"2"></font>=A0</div>
<div><font face=3D"Arial" size=3D"2">=A0 &lt;transactionManager type=3D&quo=
t;JDBC&quot;=20
commitRequired=3D&quot;false&quot;&gt;<br>=A0=A0=A0 &lt;dataSource=20
type=3D&quot;SIMPLE&quot;&gt;<br>=A0=A0=A0=A0=A0 &lt;property=20
name=3D&quot;JDBC.Driver&quot;=20
value=3D&quot;oracle.jdbc.driver.OracleDriver&quot;/&gt;<br>=A0=A0=A0=A0=A0=
=20
&lt;property name=3D&quot;JDBC.ConnectionURL&quot; value=3D&quot;jdbc:oracl=
e:thin:@<span>XXX</span>1:<span>9999</span>:<span>XXX</span>1&quot;/&gt;<br=
>=A0=A0=A0=A0=A0=20
&lt;property name=3D&quot;JDBC.Username&quot; value=3D&quot;<span>XXX</span=
>&quot;/&gt;<br>=A0=A0=A0=A0=A0=20
&lt;property name=3D&quot;JDBC.Password&quot; value=3D&quot;<span>XXX</span=
>&quot;/&gt;<br>=A0=A0=A0=20
&lt;/dataSource&gt;<br>=A0 &lt;/transactionManager&gt;<br></font></div>
<div><font face=3D"Arial" size=3D"2">
<div><font size=3D"+0"><span><font face=3D"Arial" size=3D"2">I dont=20
want the user name and password to be exposed as clear text in a config=20
file.</font></span></font></div>
<div><font size=3D"+0"><span><font size=3D"2">Is there a way to=20
hide this information, maybe by passing the information=20
</font></span></font></div></font><font><span><font face=3D"Arial" size=3D"=
2">programmatically or using another=20
way.</font></span></font></div>
<div><font face=3D"Arial" size=3D"2"><span>My main concern is=20
to not keep the user credentials in clear text in a config=20
file.</span></font></div></div>
<div><font face=3D"Arial" size=3D"2"></font>=A0</div>
<div align=3D"left"><font face=3D"Arial" size=3D"2"></font>=A0</div>
<div align=3D"left"><font face=3D"Arial" size=3D"2">Thanks</font></div>
<div align=3D"left"><font face=3D"Arial" size=3D"2">Rishi...</font></div><f=
ont color=3D"#888888">
<div>=A0</div>
</font></blockquote></div><br></div>

--001636c5a75877fa05046811c5e5--