Posted to dev@openjpa.apache.org by "Kevin Sutter (JIRA)" <ji...@apache.org> on 2009/05/15 16:56:45 UTC

[jira] Created: (OPENJPA-1089) Provide for password encryption within persistence.xml

Provide for password encryption within persistence.xml
------------------------------------------------------

                 Key: OPENJPA-1089
                 URL: https://issues.apache.org/jira/browse/OPENJPA-1089
             Project: OpenJPA
          Issue Type: New Feature
          Components: jpa
    Affects Versions: 1.3.0, 2.0.0
            Reporter: Kevin Sutter


A recent discussion on our users forum [1] has surfaced (again) the need to encrypt the password fields in the persistence.xml.  In the particular scenario outlined in the posting, this user wanted to encrypt the password sent into Apache DBCP via the url string.  In my mind, that's a separate problem related to DBCP.

But, OpenJPA has openjpa.Connection*Password properties that could be encrypted.  And, the new JPA 2 spec outlines a javax.persistence.jdbc.password property that would be nice to encrypt.

I'm opening this Issue as a Feature request, but it could also be considered a bug since a non-jndi environment is crippled from a security standpoint.




[1]  http://n2.nabble.com/How-to-encrypt-DB-password-in-persistence.xml-td2868212.html

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


[jira] Commented: (OPENJPA-1089) Provide for password encryption within persistence.xml

Posted by "Donald Woods (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/OPENJPA-1089?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12734773#action_12734773 ] 

Donald Woods commented on OPENJPA-1089:
---------------------------------------

Geronimo has been working on something similar for its config files - https://issues.apache.org/jira/browse/GERONIMO-3003

We've had encrypt/decrypt for password stores and deployer connections for a while, so wondering if we need to say that encrypted passwords must be Base64 encoded, so they can always be passed in as a String (whereas some encrypted data could include 0x00 and quotes by default)?


> Provide for password encryption within persistence.xml
> ------------------------------------------------------
>
>                 Key: OPENJPA-1089
>                 URL: https://issues.apache.org/jira/browse/OPENJPA-1089
>             Project: OpenJPA
>          Issue Type: New Feature
>          Components: jpa
>    Affects Versions: 1.3.0, 2.0.0-M2
>            Reporter: Kevin Sutter
>         Attachments: OPENJPA-1089.PATCH
>
>


[jira] Updated: (OPENJPA-1089) Provide for password encryption within persistence.xml

Posted by "Rick Curtis (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/OPENJPA-1089?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Rick Curtis updated OPENJPA-1089:
---------------------------------

    Attachment: OPENJPA-1089.PATCH

I created a plugin that allows a user to implement an EncryptionProvider interface so the OpenJPA runtime will call their interface to decrypt openjpa.Connection(2)Password values. Please take a look and let me know what you think. If everything looks good I'll fix up the user manual.

-Rick


> Provide for password encryption within persistence.xml
> ------------------------------------------------------
>
>                 Key: OPENJPA-1089
>                 URL: https://issues.apache.org/jira/browse/OPENJPA-1089
>             Project: OpenJPA
>          Issue Type: New Feature
>          Components: jpa
>    Affects Versions: 1.3.0, 2.0.0-M2
>            Reporter: Kevin Sutter
>         Attachments: OPENJPA-1089.PATCH
>
>
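An added example, not code from the OPENJPA-1089 patch or from OpenJPA: it illustrates the plugin described in the message above together with Donald Woods's point that raw ciphertext can contain 0x00 and quote bytes while a Base64 form is always safe to store as an attribute value. The EncryptionProvider interface declared here is a hypothetical stand-in with assumed method names, and the key and password are constructed sample values.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class Base64PasswordDemo {

    // Hypothetical stand-in for the plugin interface named in the thread; the
    // method names are assumptions, since the patch is not shown on this page.
    interface EncryptionProvider {
        String encrypt(String password);
        String decrypt(String password);
    }

    // AES-GCM provider whose stored form is Base64(IV || ciphertext || tag).
    static final class AesGcmBase64Provider implements EncryptionProvider {
        private static final int IV_LEN = 12, TAG_BITS = 128;
        private final SecretKey key;
        private final SecureRandom rng = new SecureRandom();

        AesGcmBase64Provider(byte[] rawKey) {
            this.key = new SecretKeySpec(rawKey, "AES");
        }

        @Override public String encrypt(String password) {
            if (password == null) throw new IllegalArgumentException("null password");
            try {
                byte[] iv = new byte[IV_LEN];
                rng.nextBytes(iv); // fresh IV per value; never reuse one with the same key
                Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
                c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
                byte[] ct = c.doFinal(password.getBytes(StandardCharsets.UTF_8));
                byte[] out = ByteBuffer.allocate(IV_LEN + ct.length).put(iv).put(ct).array();
                return Base64.getEncoder().encodeToString(out);
            } catch (GeneralSecurityException e) {
                throw new IllegalStateException("encryption failed", e);
            }
        }

        @Override public String decrypt(String stored) {
            if (stored == null) throw new IllegalArgumentException("null value");
            byte[] in = Base64.getDecoder().decode(stored); // rejects non-Base64 input
            if (in.length < IV_LEN + TAG_BITS / 8) throw new IllegalArgumentException("too short");
            try {
                Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
                c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, in, 0, IV_LEN));
                byte[] pt = c.doFinal(in, IV_LEN, in.length - IV_LEN);
                return new String(pt, StandardCharsets.UTF_8);
            } catch (GeneralSecurityException e) {
                // The GCM tag check fails on a wrong key or an edited value.
                throw new IllegalStateException("decryption failed", e);
            }
        }
    }

    // Counts bytes that are illegal or need escaping inside an XML attribute value.
    static int countXmlUnsafe(byte[] data) {
        int n = 0;
        for (byte b : data) {
            int v = b & 0xFF;
            if (v < 0x20 || v >= 0x7F || v == '"' || v == '\'' || v == '<' || v == '&') n++;
        }
        return n;
    }

    public static void main(String[] args) {
        // Constructed demo key. A real provider must load its key from outside
        // persistence.xml, otherwise the stored value is only obfuscated.
        byte[] demoKey = new byte[32];
        new SecureRandom().nextBytes(demoKey);
        EncryptionProvider provider = new AesGcmBase64Provider(demoKey);
        String stored = provider.encrypt("example-db-password"); // constructed sample
        byte[] raw = Base64.getDecoder().decode(stored);
        System.out.println("raw bytes unsafe for XML: " + countXmlUnsafe(raw) + " of " + raw.length);
        System.out.println("Base64 bytes unsafe for XML: " + countXmlUnsafe(stored.getBytes(StandardCharsets.US_ASCII)));
        System.out.println("<property name=\"openjpa.ConnectionPassword\" value=\"" + stored + "\"/>");
        System.out.println("round trip ok: " + "example-db-password".equals(provider.decrypt(stored)));
        // Change one character of the stored value: decryption must fail, not return a different password.
        char first = stored.charAt(0) == 'A' ? 'B' : 'A';
        try {
            provider.decrypt(first + stored.substring(1));
            System.out.println("tampered value accepted");
        } catch (IllegalStateException e) {
            System.out.println("tampered value rejected");
        }
    }
}
```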


[jira] Updated: (OPENJPA-1089) Provide for password encryption within persistence.xml

Posted by "Michael Dick (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/OPENJPA-1089?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Michael Dick updated OPENJPA-1089:
----------------------------------

    Affects Version/s: 2.0.0
        Fix Version/s: 2.0.0
                       1.3.0

> Provide for password encryption within persistence.xml
> ------------------------------------------------------
>
>                 Key: OPENJPA-1089
>                 URL: https://issues.apache.org/jira/browse/OPENJPA-1089
>             Project: OpenJPA
>          Issue Type: New Feature
>          Components: jpa
>    Affects Versions: 1.3.0, 2.0.0
>            Reporter: Kevin Sutter
>            Assignee: Michael Dick
>             Fix For: 1.3.0, 2.0.0
>
>         Attachments: OPENJPA-1089-2.patch, OPENJPA-1089.PATCH
>
>   Original Estimate: 0h
>  Remaining Estimate: 0h
>


[jira] Updated: (OPENJPA-1089) Provide for password encryption within persistence.xml

Posted by "Rick Curtis (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/OPENJPA-1089?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Rick Curtis updated OPENJPA-1089:
---------------------------------

    Patch Info: [Patch Available]

> Provide for password encryption within persistence.xml
> ------------------------------------------------------
>
>                 Key: OPENJPA-1089
>                 URL: https://issues.apache.org/jira/browse/OPENJPA-1089
>             Project: OpenJPA
>          Issue Type: New Feature
>          Components: jpa
>    Affects Versions: 1.3.0, 2.0.0-M2
>            Reporter: Kevin Sutter
>         Attachments: OPENJPA-1089.PATCH
>
>


[jira] Updated: (OPENJPA-1089) Provide for password encryption within persistence.xml

Posted by "Michael Dick (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/OPENJPA-1089?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Michael Dick updated OPENJPA-1089:
----------------------------------

     Affects Version/s:     (was: 2.0.0-M2)
         Fix Version/s:     (was: 2.0.0)
              Assignee: Michael Dick  (was: Donald Woods)
    Remaining Estimate: 0h
     Original Estimate: 0h

I ran into a problem with the testcase: 
TestPersistenceProductDerivation:109 
assertTrue(actual.containsAll(Arrays.asList(expectedPUs))); // fails
assertTrue(actual.containsAll(expectedPUs)); // passes

Otherwise the patch looks good, running the full regression bucket now.

> Provide for password encryption within persistence.xml
> ------------------------------------------------------
>
>                 Key: OPENJPA-1089
>                 URL: https://issues.apache.org/jira/browse/OPENJPA-1089
>             Project: OpenJPA
>          Issue Type: New Feature
>          Components: jpa
>    Affects Versions: 1.3.0
>            Reporter: Kevin Sutter
>            Assignee: Michael Dick
>         Attachments: OPENJPA-1089-2.patch, OPENJPA-1089.PATCH
>
>   Original Estimate: 0h
>  Remaining Estimate: 0h
>


[jira] Reopened: (OPENJPA-1089) Provide for password encryption within persistence.xml

Posted by "Michael Dick (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/OPENJPA-1089?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Michael Dick reopened OPENJPA-1089:
-----------------------------------


Reopening to port to 1.3.0

> Provide for password encryption within persistence.xml
> ------------------------------------------------------
>
>                 Key: OPENJPA-1089
>                 URL: https://issues.apache.org/jira/browse/OPENJPA-1089
>             Project: OpenJPA
>          Issue Type: New Feature
>          Components: jpa
>    Affects Versions: 1.3.0
>            Reporter: Kevin Sutter
>            Assignee: Michael Dick
>         Attachments: OPENJPA-1089-2.patch, OPENJPA-1089.PATCH
>
>   Original Estimate: 0h
>  Remaining Estimate: 0h
>


[jira] Commented: (OPENJPA-1089) Provide for password encryption within persistence.xml

Posted by "Rick Curtis (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/OPENJPA-1089?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12734700#action_12734700 ] 

Rick Curtis commented on OPENJPA-1089:
--------------------------------------

I'd also like to comment that DBCP has a JIRA [1.] open for the same issue. 

-Rick

[1.] http://issues.apache.org/jira/browse/DBCP-297

> Provide for password encryption within persistence.xml
> ------------------------------------------------------
>
>                 Key: OPENJPA-1089
>                 URL: https://issues.apache.org/jira/browse/OPENJPA-1089
>             Project: OpenJPA
>          Issue Type: New Feature
>          Components: jpa
>    Affects Versions: 1.3.0, 2.0.0-M2
>            Reporter: Kevin Sutter
>         Attachments: OPENJPA-1089.PATCH
>
>


[jira] Updated: (OPENJPA-1089) Provide for password encryption within persistence.xml

Posted by "Rick Curtis (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/OPENJPA-1089?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Rick Curtis updated OPENJPA-1089:
---------------------------------

    Attachment: OPENJPA-1089-2.patch

Pinaki -- I'll be glad to commit the patch as soon as I'm a committer :-)

Donald - Do you think we need to be more explicit in stating what are valid characters for encrypted passwords? Will the requirement that an encrypted password must be a string be strict enough?

OPENJPA-1089-2.patch includes a minor update to the javadoc on the EncryptionProvider interface and it also includes new docs.

> Provide for password encryption within persistence.xml
> ------------------------------------------------------
>
>                 Key: OPENJPA-1089
>                 URL: https://issues.apache.org/jira/browse/OPENJPA-1089
>             Project: OpenJPA
>          Issue Type: New Feature
>          Components: jpa
>    Affects Versions: 1.3.0, 2.0.0-M2
>            Reporter: Kevin Sutter
>            Assignee: Donald Woods
>             Fix For: 2.0.0
>
>         Attachments: OPENJPA-1089-2.patch, OPENJPA-1089.PATCH
>
>


[jira] Commented: (OPENJPA-1089) Provide for password encryption within persistence.xml

Posted by "Rick Curtis (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/OPENJPA-1089?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12737257#action_12737257 ] 

Rick Curtis commented on OPENJPA-1089:
--------------------------------------

Maybe I'm being a bit dense here... but isn't it enough to state that encrypted passwords must be a non-null, valid string?

> Provide for password encryption within persistence.xml
> ------------------------------------------------------
>
>                 Key: OPENJPA-1089
>                 URL: https://issues.apache.org/jira/browse/OPENJPA-1089
>             Project: OpenJPA
>          Issue Type: New Feature
>          Components: jpa
>    Affects Versions: 1.3.0, 2.0.0-M2
>            Reporter: Kevin Sutter
>            Assignee: Donald Woods
>             Fix For: 2.0.0
>
>         Attachments: OPENJPA-1089.PATCH
>
>


[jira] Updated: (OPENJPA-1089) Provide for password encryption within persistence.xml

Posted by "Donald Woods (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/OPENJPA-1089?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Donald Woods updated OPENJPA-1089:
----------------------------------

    Fix Version/s:     (was: 2.0.0)
                   2.0.0-M3

> Provide for password encryption within persistence.xml
> ------------------------------------------------------
>
>                 Key: OPENJPA-1089
>                 URL: https://issues.apache.org/jira/browse/OPENJPA-1089
>             Project: OpenJPA
>          Issue Type: New Feature
>          Components: jpa
>    Affects Versions: 1.3.0, 2.0.0
>            Reporter: Kevin Sutter
>            Assignee: Michael Dick
>             Fix For: 1.3.0, 2.0.0-M3
>
>         Attachments: OPENJPA-1089-2.patch, OPENJPA-1089.PATCH
>
>   Original Estimate: 0h
>  Remaining Estimate: 0h
>


[jira] Commented: (OPENJPA-1089) Provide for password encryption within persistence.xml

Posted by "Pinaki Poddar (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/OPENJPA-1089?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12737525#action_12737525 ] 

Pinaki Poddar commented on OPENJPA-1089:
----------------------------------------

Rick's patch looked good. Why don't you commit it, Rick?

> Provide for password encryption within persistence.xml
> ------------------------------------------------------
>
>                 Key: OPENJPA-1089
>                 URL: https://issues.apache.org/jira/browse/OPENJPA-1089
>             Project: OpenJPA
>          Issue Type: New Feature
>          Components: jpa
>    Affects Versions: 1.3.0, 2.0.0-M2
>            Reporter: Kevin Sutter
>            Assignee: Donald Woods
>             Fix For: 2.0.0
>
>         Attachments: OPENJPA-1089.PATCH
>
>


[jira] Updated: (OPENJPA-1089) Provide for password encryption within persistence.xml

Posted by "Donald Woods (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/OPENJPA-1089?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Donald Woods updated OPENJPA-1089:
----------------------------------

    Fix Version/s: 2.0.0
         Assignee: Donald Woods

This would be a definite value-add for OpenJPA...

> Provide for password encryption within persistence.xml
> ------------------------------------------------------
>
>                 Key: OPENJPA-1089
>                 URL: https://issues.apache.org/jira/browse/OPENJPA-1089
>             Project: OpenJPA
>          Issue Type: New Feature
>          Components: jpa
>    Affects Versions: 1.3.0, 2.0.0-M2
>            Reporter: Kevin Sutter
>            Assignee: Donald Woods
>             Fix For: 2.0.0
>
>         Attachments: OPENJPA-1089.PATCH
>
>


[jira] Commented: (OPENJPA-1089) Provide for password encryption within persistence.xml

Posted by "Donald Woods (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/OPENJPA-1089?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12709881#action_12709881 ] 

Donald Woods commented on OPENJPA-1089:
---------------------------------------

We have a similar feature in Apache Geronimo for our config.xml and deployment plans.  The only downside of adding this to OpenJPA is we would then have to follow the ASF Cryptography release guidelines at -
   http://www.apache.org/dev/crypto.html
since we would be using encryption/decryption (even if provided by the JVM).  Not a biggie, but adds a few steps to the release process...

> Provide for password encryption within persistence.xml
> ------------------------------------------------------
>
>                 Key: OPENJPA-1089
>                 URL: https://issues.apache.org/jira/browse/OPENJPA-1089
>             Project: OpenJPA
>          Issue Type: New Feature
>          Components: jpa
>    Affects Versions: 1.3.0, 2.0.0
>            Reporter: Kevin Sutter
>


[jira] Resolved: (OPENJPA-1089) Provide for password encryption within persistence.xml

Posted by "Michael Dick (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/OPENJPA-1089?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Michael Dick resolved OPENJPA-1089.
-----------------------------------

    Resolution: Fixed

> Provide for password encryption within persistence.xml
> ------------------------------------------------------
>
>                 Key: OPENJPA-1089
>                 URL: https://issues.apache.org/jira/browse/OPENJPA-1089
>             Project: OpenJPA
>          Issue Type: New Feature
>          Components: jpa
>    Affects Versions: 1.3.0, 2.0.0
>            Reporter: Kevin Sutter
>            Assignee: Michael Dick
>             Fix For: 1.3.0, 2.0.0
>
>         Attachments: OPENJPA-1089-2.patch, OPENJPA-1089.PATCH
>
>   Original Estimate: 0h
>  Remaining Estimate: 0h
>


[jira] Updated: (OPENJPA-1089) Provide for password encryption within persistence.xml

Posted by "Michael Dick (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/OPENJPA-1089?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Michael Dick updated OPENJPA-1089:
----------------------------------


Thanks for the patch, Rick

> Provide for password encryption within persistence.xml
> ------------------------------------------------------
>
>                 Key: OPENJPA-1089
>                 URL: https://issues.apache.org/jira/browse/OPENJPA-1089
>             Project: OpenJPA
>          Issue Type: New Feature
>          Components: jpa
>    Affects Versions: 1.3.0
>            Reporter: Kevin Sutter
>            Assignee: Michael Dick
>         Attachments: OPENJPA-1089-2.patch, OPENJPA-1089.PATCH
>
>   Original Estimate: 0h
>  Remaining Estimate: 0h
>


[jira] Resolved: (OPENJPA-1089) Provide for password encryption within persistence.xml

Posted by "Michael Dick (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/OPENJPA-1089?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Michael Dick resolved OPENJPA-1089.
-----------------------------------

    Resolution: Fixed

> Provide for password encryption within persistence.xml
> ------------------------------------------------------
>
>                 Key: OPENJPA-1089
>                 URL: https://issues.apache.org/jira/browse/OPENJPA-1089
>             Project: OpenJPA
>          Issue Type: New Feature
>          Components: jpa
>    Affects Versions: 1.3.0
>            Reporter: Kevin Sutter
>            Assignee: Michael Dick
>         Attachments: OPENJPA-1089-2.patch, OPENJPA-1089.PATCH
>
>   Original Estimate: 0h
>  Remaining Estimate: 0h
>