You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user-java@ibatis.apache.org by "Jhaver, Rishi" <RJ...@wheels.com> on 2009/04/21 16:42:24 UTC
Sql Map file
Hi
I'm new to Ibatis and was wondering if anyone's faced this issue before.
Couldn't find a solution on the website FAQs.
I have the following in my sqlmapconfig file.
<transactionManager type="JDBC" commitRequired="false">
<dataSource type="SIMPLE">
<property name="JDBC.Driver"
value="oracle.jdbc.driver.OracleDriver"/>
<property name="JDBC.ConnectionURL"
value="jdbc:oracle:thin:@XXX1:9999:XXX1"/>
<property name="JDBC.Username" value="XXX"/>
<property name="JDBC.Password" value="XXX"/>
</dataSource>
</transactionManager>
I dont want the user name and password to be exposed as clear text in a
config file.
Is there a way to hide this information, maybe by passing the
information programmatically or using another way.
My main concern is to not keep the user credentials in clear text in a
config file.
Thanks
Rishi...
Oracle connection objects
Posted by "Jhaver, Rishi" <RJ...@wheels.com>.
Thanks for all the responses.
If I'm looking to create a connection object from within the java code,
- how do I create such a connection object from my code (that will work
with IBATIS). Do I need to use java.sql.Connection ? or something else ?
- can I use this object along with user name and pwd credentials to
connect to an oracle db.
Thanks
Rishi...
________________________________
From: Chris O'Connell [mailto:oconnell@gorillachicago.com]
Sent: Tuesday, April 21, 2009 10:00 AM
To: user-java@ibatis.apache.org
Subject: Re: Sql Map file
I would suggest the appserver route. In at least the version of
weblogic that I am using, the password is saved to the file system, but
it is encrypted in the config file. If that isn't possible, just
encrypt the password yourself and put some decryption code in an
extension of the datasource.
On Tue, Apr 21, 2009 at 9:49 AM, Alex Sherwin
<al...@acadiasoft.com> wrote:
Not sure about doing it programatically, but it's going to end
up being cleartext (or close to it) somewhere...
For example when you use a connection pool in an app server, the
user/password ends up being plain text in your domains configuration
file... I believe most people focus on securing the deployment so that
the files cannot be read by users without proper permissions
Jhaver, Rishi wrote:
Hi
I'm new to Ibatis and was wondering if anyone's faced
this issue before.
Couldn't find a solution on the website FAQs.
I have the following in my sqlmapconfig file.
<transactionManager type="JDBC"
commitRequired="false">
<dataSource type="SIMPLE">
<property name="JDBC.Driver"
value="oracle.jdbc.driver.OracleDriver"/>
<property name="JDBC.ConnectionURL"
value="jdbc:oracle:thin:@XXX1:9999:XXX1"/>
<property name="JDBC.Username" value="XXX"/>
<property name="JDBC.Password" value="XXX"/>
</dataSource>
</transactionManager>
I dont want the user name and password to be exposed as
clear text in a config file.
Is there a way to hide this information, maybe by
passing the information programmatically or using another way.
My main concern is to not keep the user credentials in
clear text in a config file.
Thanks
Rishi...
--
--
Chris O'Connell
Application Developer
Gorilla
312.243.8777 x19
Re: Sql Map file
Posted by Stephen Boyd <sw...@gmail.com>.
WebSphere encodes the password using XOR in an xml file which is not the
same an encrypting.
Re: Sql Map file
Posted by Chris O'Connell <oc...@gorillachicago.com>.
I would suggest the appserver route. In at least the version of weblogic
that I am using, the password is saved to the file system, but it is
encrypted in the config file. If that isn't possible, just encrypt the
password yourself and put some decryption code in an extension of the
datasource.
On Tue, Apr 21, 2009 at 9:49 AM, Alex Sherwin
<al...@acadiasoft.com>wrote:
> Not sure about doing it programatically, but it's going to end up being
> cleartext (or close to it) somewhere...
>
> For example when you use a connection pool in an app server, the
> user/password ends up being plain text in your domains configuration file...
> I believe most people focus on securing the deployment so that the files
> cannot be read by users without proper permissions
>
>
>
>
> Jhaver, Rishi wrote:
>
>> Hi
>> I'm new to Ibatis and was wondering if anyone's faced this issue before.
>> Couldn't find a solution on the website FAQs.
>> I have the following in my sqlmapconfig file.
>> <transactionManager type="JDBC" commitRequired="false">
>> <dataSource type="SIMPLE">
>> <property name="JDBC.Driver"
>> value="oracle.jdbc.driver.OracleDriver"/>
>> <property name="JDBC.ConnectionURL" value="jdbc:oracle:thin:@XXX1
>> :9999:XXX1"/>
>> <property name="JDBC.Username" value="XXX"/>
>> <property name="JDBC.Password" value="XXX"/>
>> </dataSource>
>> </transactionManager>
>> I dont want the user name and password to be exposed as clear text in a
>> config file.
>> Is there a way to hide this information, maybe by passing the information
>> programmatically or using another way.
>> My main concern is to not keep the user credentials in clear text in a
>> config file.
>> Thanks
>> Rishi...
>>
>>
>
>
>
--
--
Chris O'Connell
Application Developer
Gorilla
312.243.8777 x19
Re: Sql Map file
Posted by Alex Sherwin <al...@acadiasoft.com>.
Not sure about doing it programatically, but it's going to end up being
cleartext (or close to it) somewhere...
For example when you use a connection pool in an app server, the
user/password ends up being plain text in your domains configuration
file... I believe most people focus on securing the deployment so that
the files cannot be read by users without proper permissions
Jhaver, Rishi wrote:
> Hi
>
> I'm new to Ibatis and was wondering if anyone's faced this issue before.
> Couldn't find a solution on the website FAQs.
>
> I have the following in my sqlmapconfig file.
>
> <transactionManager type="JDBC" commitRequired="false">
> <dataSource type="SIMPLE">
> <property name="JDBC.Driver"
> value="oracle.jdbc.driver.OracleDriver"/>
> <property name="JDBC.ConnectionURL"
> value="jdbc:oracle:thin:@XXX1:9999:XXX1"/>
> <property name="JDBC.Username" value="XXX"/>
> <property name="JDBC.Password" value="XXX"/>
> </dataSource>
> </transactionManager>
> I dont want the user name and password to be exposed as clear text in
> a config file.
> Is there a way to hide this information, maybe by passing the
> information programmatically or using another way.
> My main concern is to not keep the user credentials in clear text in a
> config file.
>
>
> Thanks
> Rishi...
>
Re: Sql Map file
Posted by Brandon Goodin <br...@gmail.com>.
You could use JNDI, or can extends the simple datasource and add your own
hashing. I'm not sure why you are that concerned about the password being in
there. If someone gets access to your WEB-INF folder and you don't want them
in there... you have bigger issues my friend. :)
Brandon
On Tue, Apr 21, 2009 at 9:42 AM, Jhaver, Rishi <RJ...@wheels.com> wrote:
> Hi
>
> I'm new to Ibatis and was wondering if anyone's faced this issue before.
> Couldn't find a solution on the website FAQs.
>
> I have the following in my sqlmapconfig file.
>
> <transactionManager type="JDBC" commitRequired="false">
> <dataSource type="SIMPLE">
> <property name="JDBC.Driver"
> value="oracle.jdbc.driver.OracleDriver"/>
> <property name="JDBC.ConnectionURL" value="jdbc:oracle:thin:@XXX1:
> 9999:XXX1"/>
> <property name="JDBC.Username" value="XXX"/>
> <property name="JDBC.Password" value="XXX"/>
> </dataSource>
> </transactionManager>
> I dont want the user name and password to be exposed as clear text in a
> config file.
> Is there a way to hide this information, maybe by passing the information
> programmatically or using another way.
> My main concern is to not keep the user credentials in clear text in a
> config file.
>
>
> Thanks
> Rishi...
>
>