[javaee-spec users] Re: Enforce resource attribute restrictions

From: Linda DeMichiel
Date: Thu, 17 Nov 2011 12:05:44 -0800

Hi Christian,

Thanks for your post. More below.....

On 11/17/2011 10:12 AM, wrote:
> Dear javaee-spec,
> I read the "Resource Configuration" document provided on the download
> page. I'm missing two aspects in the resource-configured-by-application
> discussion:
> 1) How can a PAAS admin protect its infrastructure?
> let's use a DB-res as example. I think it would make sense if a PAAS
> admin could configure some restrictions on the resource descriptions
> shipped with applications.
> for example: the max-pool-size has to be between 1 and 100, to avoid
> problems with the database if someone configures max-pool-size=1000000

Yes -- that is our expectation. This was noted in the followup email on
metadata that I sent to the group on 10/13, and we intend to make this point
explicit in the spec.

> other example: name has to start with java:app/jdbc, to avoid access to
> other JNDI names outside the application

Our expectation here is that access to the JNDI name space will be scoped per tenant.
Which example are you referring to?

> 2) How to protect passwords?
> If a configuration requires a password in order to create a resource.
> How can the password be protected? (at least a little bit) My guess is
> that resource-config-descriptors will end up in SVN or git
> repositories.
> Storing clear text passwords in repositories is not a good idea.
> GF has the concept of pwd-aliases to avoid clear text pwd in config
> files. other application servers replace clear text with encrypted pwd
> on the fly. This is not standardized and will make it hard to move
> applications from one PAAS offering to the next.

We agree with you. We don't expect passwords to be used in this manner
in production systems. However, they may be useful in development mode
and in testing locally, etc.

> What do you think? Would it make sense to describe these issues in the
> spec?

Yes. We plan to do so.



> Regards
> Christian
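
The restrictions discussed in this thread, sketched as a deploy-time check. This is an added example, not part of the original messages or of the Java EE specification: `POLICY`, `check_descriptor` and `allow_password` are hypothetical names, and the `<data-source>` fragment is a constructed sample with the namespace omitted.

```python
import xml.etree.ElementTree as ET

# Hypothetical admin policy, using the two limits proposed in the thread.
POLICY = {"name_prefix": "java:app/jdbc", "max_pool_size": (1, 100)}

# Constructed sample: application-supplied <data-source> entries.
SAMPLE = """
<web-app>
  <data-source>
    <name>java:global/jdbc/shared</name>
    <class-name>org.example.Driver</class-name>
    <max-pool-size>1000000</max-pool-size>
    <password>s3cret</password>
  </data-source>
  <data-source>
    <name>java:app/jdbc/orders</name>
    <max-pool-size>20</max-pool-size>
  </data-source>
</web-app>
"""

def check_descriptor(xml_text, policy=POLICY, allow_password=False):
    """Return a list of (resource name, violation); an empty list means accept."""
    violations = []
    lo, hi = policy["max_pool_size"]
    for ds in ET.fromstring(xml_text).iter("data-source"):
        name = (ds.findtext("name") or "").strip()
        # Require the separator too, so "java:app/jdbcX" does not pass.
        if not name.startswith(policy["name_prefix"] + "/"):
            violations.append((name, "name outside " + policy["name_prefix"]))
        raw = ds.findtext("max-pool-size")
        if raw is not None:  # absent means the platform default applies
            try:
                size = int(raw.strip())
            except ValueError:
                size = None
            if size is None or not lo <= size <= hi:
                violations.append((name, f"max-pool-size not in {lo}..{hi}"))
        # A literal password in the descriptor ends up in version control;
        # allow_password=True models a development-only deployment.
        if ds.findtext("password") is not None and not allow_password:
            violations.append((name, "clear-text password in descriptor"))
    return violations

if __name__ == "__main__":
    for name, problem in check_descriptor(SAMPLE):
        print(f"REJECT {name}: {problem}")
```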