users@glassfish.java.net

Re: Securing JDBC password

From: Sivakumar Thyagarajan <Sivakumar.Thyagarajan_at_Sun.COM>
Date: Tue, 27 Nov 2007 15:33:20 +0530

> Is there some (preferably easy) solution for this?
>
> I know about aliases but how can I use them programatically?

You could use password-alias to create an alias for your password and then refer
to the alias in the JDBC connection pool
http://forums.java.net/jive/thread.jspa?threadID=15715

The JDBC connection pool and resource could be created programmatically using
AMX as described in
http://blogs.sun.com/JagadishPrasath/entry/creating_jdbc_connection_pool_resource

HTH.

Thanks
--Siva.

glassfish_at_javadesktop.org wrote:
> Hello,
>
> How can I protect password for JDBC connection pool?
>
> Our security policy requires database administrators to generate new password every few weeks and this password is encrypted into a file on filesystem.
>
> I can read this password and change resource pool password programatically but password is written into domain.xml in plain format which is forbiden.
>
> Is there some (preferably easy) solution for this?
>
> I know about aliases but how can I use them programatically?
>
> Thanks,
> Richard
> [Message sent by forum member 'cerveny_richard' (cerveny_richard)]
>
> http://forums.java.net/jive/thread.jspa?messageID=247306
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>