openjpa-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rick Curtis (JIRA)" <>
Subject [jira] Updated: (OPENJPA-1089) Provide for password encryption within persistence.xml
Date Mon, 03 Aug 2009 15:55:14 GMT


Rick Curtis updated OPENJPA-1089:

    Attachment: OPENJPA-1089-2.patch

Pinaki -- I'll be glad to commit the patch as soon as I'm a committer :-)

Donald - Do you think we need to be more explicit in stating what are valid characters for
encrypted passwords? Will the requirement that an encrypted password must be a string be strict

OPENJPA-1089-2.patch includes a minor update to the javadoc on the EncryptionProvider interface
and it also includes new docs.

> Provide for password encryption within persistence.xml
> ------------------------------------------------------
>                 Key: OPENJPA-1089
>                 URL:
>             Project: OpenJPA
>          Issue Type: New Feature
>          Components: jpa
>    Affects Versions: 1.3.0, 2.0.0-M2
>            Reporter: Kevin Sutter
>            Assignee: Donald Woods
>             Fix For: 2.0.0
>         Attachments: OPENJPA-1089-2.patch, OPENJPA-1089.PATCH
> A recent discussion on our users forum [1] has surfaced (again) the need to encrypt the
password fields in the persistence.xml.  In the particular scenario outlined in the posting,
this user wanted to encrypt the password sent into Apache DBCP via the url string.  In my
mind, that's a separate problem related to DBCP.
> But, OpenJPA has openjpa.Connection*Password properties that could be encrypted.  And,
the new JPA 2 spec outlines a javax.persistence.jdbc.password property that would be nice
to encrypt.
> I'm opening this Issue as a Feature request, but it could also be considered a bug since
a non-jndi environment is crippled from a security standpoint.
> [1]

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message