Monday, April 26, 2010

Encrypting your jndi data source in Tomcat

I was shocked to discover at my new gig that the database password that Tomcat loaded up into JNDI were not encrypted on the live site.  I was even more shocked that Tomcat does not provide a quick fix for this.

So here's mine.  Encode the password in your text file, and figure out where the below goes in your code:

     * Get a DataSource for the given JNDI name (with caching of lookups)
     * @param dataSourceJNDIName The DataSource name
     * @return A DataSource for JNDI name 'dataSourceJNDIName', or null if the
     * lookup fails.
    public static DataSource getDataSource(String dataSourceJNDIName)
        DataSource dataSource = null;
        if (null != dataSourceJNDIName) {
            dataSource = (DataSource)dataSourceCache.get(dataSourceJNDIName);
            if (null == dataSource) {
                try {
                    dataSource = (DataSource) jndiContext.lookup(JNDI_PREFIX + dataSourceJNDIName);
                    //cast the datasource to the Apache BasicDataSource class
                    BasicDataSource bds=(BasicDataSource)dataSource;
                    //decrypt the password

                    Logs.debug(JNDI_PREFIX + dataSourceJNDIName + " returns " + dataSource);
                    if (null != dataSource) {
                        dataSourceCache.put(dataSourceJNDIName, dataSource);
                } catch (NamingException name) {
                    Logs.error("Naming exception (" + name + ") on lookup of '"
                        + dataSourceJNDIName + "'.");
        return dataSource;



Mathew said...

It is really not a concern. If they get to ur datasource files, they have already penetrated ur network. Next it is not encryption it is encoding, base 64. Not a difficult thing to hack just one iteration. So it is wrong info. Not accurate info being shared by u.

fishdan said...

You want to encrypt the DB password so that when the web server is hacked, it doesn't give up the keys to the DB. The webserver is outward facing, the DB should not be. Keeping the passwords encrypted makes sense.

Regarding the encryption method, I agree -- use something stronger that base64. I just threw that in there as an example.