users@glassfish.java.net

Re: password for encryption ? where ?

From: Kumar Jayanti <Vbkumar.Jayanti_at_Sun.COM>
Date: Tue, 24 Feb 2009 12:44:39 +0530

Felipe Gaúcho wrote:
> I have this encryption algorithm to scramble URLs I send by email for
> registration confirmation.... it works fine, but today the key used in
> the encryption is hard coded in the bean ...
>
> so, options:
>
> 1) to move the password to a properties file :(
> 2) to move the password to the "application context", which means
> Glassfish somewhere
>
> what is the best place to store the secret key ?
>
> * if I can use Glassfish to hold this info at the administrative level, it
> would be the best solution for me..
>
>
>
Glassfish has a file called domain-passwords under your domain config.
This file is a JCEKS store and is protected by the GF master password.
You can store passwords either in it or in a similar store and access
them using the Java KeyStore API.


rgds.
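
The "similar store" option from the reply above, as an added example that is not part of the original message or of GlassFish: a separate JCEKS file holding one AES key, written and read back through the Java KeyStore API. The class name, alias, temp file and demo store password are assumptions made for illustration.

```java
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class SecretStoreDemo {
    // Create a new JCEKS store holding one freshly generated AES key under the alias.
    static void createStore(Path file, char[] storePw, String alias) throws Exception {
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, storePw); // null stream = start with an empty store
        KeyGenerator gen = KeyGenerator.getInstance("AES");
        gen.init(128);
        ks.setEntry(alias, new KeyStore.SecretKeyEntry(gen.generateKey()),
                new KeyStore.PasswordProtection(storePw));
        try (OutputStream out = Files.newOutputStream(file)) {
            ks.store(out, storePw);
        }
    }

    // Load the store and return the key; fails on a wrong password or a missing alias.
    static SecretKey loadKey(Path file, char[] storePw, String alias) throws Exception {
        KeyStore ks = KeyStore.getInstance("JCEKS");
        try (InputStream in = Files.newInputStream(file)) {
            ks.load(in, storePw); // integrity check: throws IOException on a bad password
        }
        if (!ks.isKeyEntry(alias)) {
            throw new IllegalStateException("no key entry for alias " + alias);
        }
        return (SecretKey) ks.getKey(alias, storePw);
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo values; in deployment the operator supplies the store
        // password at startup so it is not compiled into the bean.
        char[] storePw = "demo-store-password".toCharArray();
        Path file = Files.createTempFile("app-secrets", ".jceks");
        createStore(file, storePw, "url-confirmation-key");
        SecretKey key = loadKey(file, storePw, "url-confirmation-key");
        System.out.println(key.getAlgorithm() + " key, " + key.getEncoded().length + " bytes");
        Files.delete(file);
    }
}
```

The application then ships only the alias; the key material stays in the store file, which should be readable only by the server's OS account.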