You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@continuum.apache.org by "jan ancajas (JIRA)" <ji...@codehaus.org> on 2008/11/12 10:20:13 UTC

[jira] Updated: (CONTINUUM-1974) JDBC Password obfuscation support

     [ http://jira.codehaus.org/browse/CONTINUUM-1974?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

jan ancajas updated CONTINUUM-1974:
-----------------------------------

    Attachment: CONTINUUM-1974-continuum-commons.patch

attach patch  + unit test.

I created an adapter  to be used by any vendor specific dataSource so that we can pass an obfuscated password. Then we will just have to modify the jetty-env.xml to use that adapter.


e.g. :
original entry:
{noformat}
<New id="continuum" class="org.mortbay.jetty.plus.naming.Resource">
 <Arg>jdbc/continuum</Arg>
 <Arg>
   <New class="com.mysql.jdbc.jdbc2.optional.MysqlConnectionPoolDataSource">
     <Set name="serverName">localhost</Set>
     <Set name="databaseName">maestro_continuum</Set>
     <Set name="user">root</Set>
     <Set name="password">admin123</Set>
   </New>
 </Arg>
</New>
{noformat}

modified entry:
{noformat}
<New id="continuum" class="org.mortbay.jetty.plus.naming.Resource">
 <Arg>jdbc/continuum</Arg>
 <Arg>
   <New class="org.apache.maven.continuum.utils.SecuredDataSourceAdapter">
     <Set name="dataSource">
       <New class="com.mysql.jdbc.jdbc2.optional.MysqlConnectionPoolDataSource">
       <Set name="serverName">localhost</Set>
       <Set name="databaseName">maestro_continuum</Set>
       <Set name="user">root</Set>
       <!--Set name="password">admin123</Set-->
     </New>

     </Set>
     <Set name="password">OBF:1igd1iup1kfv1vne1vno1kcj1irx1idt</Set>
   </New>
</New>
{noformat}


The obfuscated password is generated  using the steps from : http://docs.codehaus.org/display/JETTY/Securing+Passwords



> JDBC Password obfuscation support
> ---------------------------------
>
>                 Key: CONTINUUM-1974
>                 URL: http://jira.codehaus.org/browse/CONTINUUM-1974
>             Project: Continuum
>          Issue Type: New Feature
>          Components: Web - Security
>    Affects Versions: Future
>            Reporter: jan ancajas
>         Attachments: CONTINUUM-1974-continuum-commons.patch
>
>
> We are using jetty's JNDI lookup for initializing the dataSource, it would be good if we can secure  the password parameter. As a start, we can use the obfuscation mechanism already provided by jetty.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira