Re: Encrypted passwords in .xml files

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Re: Encrypted passwords in .xml files

Apara



Hi Walter

Did you find answer for this? if u did please share




---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email


Reply | Threaded
Open this post in threaded view
|

Re: Encrypted passwords in .xml files

Greg Wilkins-5

Walter,

the CRYPT password decoration is a one way encryption, so Jetty is unable to recover the password to pass to the DB2 datasource.  Crypt is really only of use if you are given a password (eg from a client) that you Crypt and then compare to the crypted version stored locally.

You can use OBF:,  but that is not strong protection.  It only protects from a casual look over the shoulder and anybody with the OBJ string can decode it.

To really crypt passwords, you need support from the datasources.



On 26 October 2010 17:43, <[hidden email]> wrote:

Peter,

This looks fine, but I like to use this for datasource

ex.

    <New id=DB" class="org.mortbay.jetty.plus.naming.Resource">
        <Arg>jdbc/DB</Arg>
        <Arg>
                 <New class="com.ibm.db2.jcc.DB2SimpleDataSource">
                        <Set name="DatabaseName">database/Set>
                        <Set name="User">user</Set>
                        <Set name="Password">password</Set>
                        <Set name="ServerName">server</Set>
                        <Set name="PortNumber">nnn</Set>
                </New>
        </Arg>
    </New>

java -cp lib/jetty-6.1.24.jar:lib/jetty-util-6.1.24.jar org.mortbay.jetty.security.Password user password  
password
OBF:1v2j1uum1xtv1zej1zer1xtn1uvk1v1v
MD5:5f4dcc3b5aa765d61d8327deb882cf99
CRYPT:usjRS48E8ZADM

I adapt to :

    <New id=DB" class="org.mortbay.jetty.plus.naming.Resource">
        <Arg>jdbc/DB</Arg>
        <Arg>
                 <New class="com.ibm.db2.jcc.DB2SimpleDataSource">
                        <Set name="DatabaseName">database/Set>
                        <Set name="User">user</Set>
                        <Set name="Password">CRYPT:usjRS48E8ZADM</Set>
                        <Set name="ServerName">server</Set>
                        <Set name="PortNumber">nnn</Set>
                </New>
        </Arg>
    </New>

But when starting the server, exception on invalid password.

Walter








Peter Ondruška <[hidden email]>
25/10/2010 20:23
Please respond to
[hidden email]
To
[hidden email]
cc
Subject
Re: [jetty-user] Encrypted passwords in .xml files





http://docs.codehaus.org/display/JETTY/Securing+Passwords

On Mon, Oct 25, 2010 at 4:00 PM,  <[hidden email]> wrote:
>
> Hi,
>
> We are using the jetty.xml file for our application and inside this file we
> declare some datasources. One of the properties of this configurarion is a
> password to be used for the database connection, which is readable inside
> the jetty.xml file.  Are there some ways to have these kind of properties
> encrypted?
>
> Walter
>



--
Peter

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

   http://xircles.codehaus.org/manage_email