You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@continuum.apache.org by "jan ancajas (JIRA)" <ji...@codehaus.org> on 2008/11/12 10:20:13 UTC
[jira] Updated: (CONTINUUM-1974) JDBC Password obfuscation support
[ http://jira.codehaus.org/browse/CONTINUUM-1974?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
jan ancajas updated CONTINUUM-1974:
-----------------------------------
Attachment: CONTINUUM-1974-continuum-commons.patch
attach patch + unit test.
I created an adapter to be used by any vendor specific dataSource so that we can pass an obfuscated password. Then we will just have to modify the jetty-env.xml to use that adapter.
e.g. :
original entry:
{noformat}
<New id="continuum" class="org.mortbay.jetty.plus.naming.Resource">
<Arg>jdbc/continuum</Arg>
<Arg>
<New class="com.mysql.jdbc.jdbc2.optional.MysqlConnectionPoolDataSource">
<Set name="serverName">localhost</Set>
<Set name="databaseName">maestro_continuum</Set>
<Set name="user">root</Set>
<Set name="password">admin123</Set>
</New>
</Arg>
</New>
{noformat}
modified entry:
{noformat}
<New id="continuum" class="org.mortbay.jetty.plus.naming.Resource">
<Arg>jdbc/continuum</Arg>
<Arg>
<New class="org.apache.maven.continuum.utils.SecuredDataSourceAdapter">
<Set name="dataSource">
<New class="com.mysql.jdbc.jdbc2.optional.MysqlConnectionPoolDataSource">
<Set name="serverName">localhost</Set>
<Set name="databaseName">maestro_continuum</Set>
<Set name="user">root</Set>
<!--Set name="password">admin123</Set-->
</New>
</Set>
<Set name="password">OBF:1igd1iup1kfv1vne1vno1kcj1irx1idt</Set>
</New>
</New>
{noformat}
The obfuscated password is generated using the steps from : http://docs.codehaus.org/display/JETTY/Securing+Passwords
> JDBC Password obfuscation support
> ---------------------------------
>
> Key: CONTINUUM-1974
> URL: http://jira.codehaus.org/browse/CONTINUUM-1974
> Project: Continuum
> Issue Type: New Feature
> Components: Web - Security
> Affects Versions: Future
> Reporter: jan ancajas
> Attachments: CONTINUUM-1974-continuum-commons.patch
>
>
> We are using jetty's JNDI lookup for initializing the dataSource, it would be good if we can secure the password parameter. As a start, we can use the obfuscation mechanism already provided by jetty.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira