I think I've found the answer: keystore.jks
http://wiki.glassfish.java.net/attach/GlassFishAdministrationPages/aliased-passwords.html
If the keystore's default password is not changed, the keys inside can
be compromised.
Ryan
Ryan de Laplante wrote:
> I created a password alias and set the JCA property value to
> ${ALIAS=my-alias-name}, then restarted the app server. My app
> continues to work. Excellent!
>
> Can someone tell me where the encrypted password is stored? If
> someone gets the GlassFish source code, can they use that to figure
> out how to decrypt my password? I would say yes, since GlassFish does
> exactly that.
>
>
> Thanks,
> Ryan
>
>
> Ryan de Laplante wrote:
>> Thank you, I'll give it a try
>>
>>
>> Jagadish Prasath Ramu wrote:
>>> Connection pool properties can be seen in domain.xml.
>>>
>>> GlassFish_Home/domains/<domainname>/config/domain.xml
>>>
>>> If you need to encrypt the password, you can use "password-alias"
>>>
>>> https://glassfish.dev.java.net/javaee5/docs/AG/ablnk.html#ablnp
>>>
>>> "create-password-alias"
>>> http://docs.sun.com/app/docs/doc/819-3675/create-password-alias-1?a=view
>>>
>>>
>>> Thanks,
>>> -Jagadish
>>>
>>>
>>> On Mon, 2008-01-07 at 11:39 -0500, Ryan de Laplante wrote:
>>>
>>>> I have a custom JCA connector deployed into GlassFish. I've
>>>> created a connection pool for it and configured a bunch of
>>>> properties. Some of the properties include the full path & filename
>>>> to a encryption keystore, and the password for that file. I need
>>>> to know if the JCA connection pool settings are stored securely,
>>>> how they are stored, and where they are stored.
>>>>
>>>>
>>>> Thanks,
>>>> Ryan
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
>