openjpa-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kevin Sutter (JIRA)" <j...@apache.org>
Subject [jira] Created: (OPENJPA-1089) Provide for password encryption within persistence.xml
Date Fri, 15 May 2009 14:56:45 GMT
Provide for password encryption within persistence.xml
------------------------------------------------------

                 Key: OPENJPA-1089
                 URL: https://issues.apache.org/jira/browse/OPENJPA-1089
             Project: OpenJPA
          Issue Type: New Feature
          Components: jpa
    Affects Versions: 1.3.0, 2.0.0
            Reporter: Kevin Sutter


A recent discussion on our users forum [1] has surfaced (again) the need to encrypt the password
fields in the persistence.xml.  In the particular scenario outlined in the posting, this user
wanted to encrypt the password sent into Apache DBCP via the url string.  In my mind, that's
a separate problem related to DBCP.

But, OpenJPA has openjpa.Connection*Password properties that could be encrypted.  And, the
new JPA 2 spec outlines a javax.persistence.jdbc.password property that would be nice to encrypt.

I'm opening this Issue as a Feature request, but it could also be considered a bug since a
non-jndi environment is crippled from a security standpoint.




[1]  http://n2.nabble.com/How-to-encrypt-DB-password-in-persistence.xml-td2868212.html

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message