So here's mine. Encode the password in your text file, and figure out where the below goes in your code:
/**
 * Get a DataSource for the given JNDI name (with caching of lookups)
 *
 * @param dataSourceJNDIName The DataSource name
 * @return A DataSource for JNDI name 'dataSourceJNDIName', or null if the
 * lookup fails.
 */
// Needs javax.sql.DataSource, javax.naming.NamingException and the Apache
// BasicDataSource class on the import list of the enclosing class.
public static DataSource getDataSource(String dataSourceJNDIName)
{
    DataSource dataSource = null;
    if (null != dataSourceJNDIName) {
        dataSource = (DataSource) dataSourceCache.get(dataSourceJNDIName);
        if (null == dataSource) {
            try {
                dataSource = (DataSource) jndiContext.lookup(JNDI_PREFIX + dataSourceJNDIName);
                Logs.debug(JNDI_PREFIX + dataSourceJNDIName + " returns " + dataSource);
                if (null != dataSource) {
                    // cast the datasource to the Apache BasicDataSource class
                    BasicDataSource bds = (BasicDataSource) dataSource;
                    // decrypt the password (once, before the DataSource is cached)
                    bds.setPassword(EncryptionHelper.decode(bds.getPassword()));
                    dataSourceCache.put(dataSourceJNDIName, dataSource);
                }
            } catch (NamingException name) {
                Logs.error("Naming exception (" + name + ") on lookup of '"
                        + dataSourceJNDIName + "'.");
            }
        }
    }
    return dataSource;
}
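The post calls EncryptionHelper.decode but does not show the class. As an added example (not the author's code), here is one way such a helper could use authenticated encryption rather than a reversible encoding; the DS_PASSWORD_KEY environment variable and the stored format Base64(IV || ciphertext || tag) are assumptions of this sketch.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

// Hypothetical stand-in for the EncryptionHelper the post calls; not the author's class.
public final class EncryptionHelper {
    private static final int IV_LEN = 12;    // 96-bit nonce, the usual size for GCM
    private static final int TAG_BITS = 128; // authentication tag length

    // Assumption: a Base64-encoded 16- or 32-byte AES key is supplied in DS_PASSWORD_KEY.
    private static SecretKeySpec key() {
        String k = System.getenv("DS_PASSWORD_KEY");
        if (k == null) throw new IllegalStateException("DS_PASSWORD_KEY is not set");
        return new SecretKeySpec(Base64.getDecoder().decode(k), "AES");
    }

    private static byte[] crypt(int mode, byte[] iv, byte[] in, int off, int len) {
        try {
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(mode, key(), new GCMParameterSpec(TAG_BITS, iv));
            return c.doFinal(in, off, len);
        } catch (GeneralSecurityException e) { // includes a failed tag check on decrypt
            throw new IllegalStateException("datasource password crypto failed", e);
        }
    }

    // Produces the value to put in the datasource config file.
    public static String encode(String plain) {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv); // fresh nonce for every encryption
        byte[] pt = plain.getBytes(StandardCharsets.UTF_8);
        byte[] ct = crypt(Cipher.ENCRYPT_MODE, iv, pt, 0, pt.length);
        byte[] out = Arrays.copyOf(iv, IV_LEN + ct.length);
        System.arraycopy(ct, 0, out, IV_LEN, ct.length);
        return Base64.getEncoder().encodeToString(out);
    }

    // Reverses encode(); fails if the stored value was altered or the key is wrong.
    public static String decode(String stored) {
        byte[] in = Base64.getDecoder().decode(stored);
        if (in.length < IV_LEN + TAG_BITS / 8) throw new IllegalArgumentException("stored value too short");
        byte[] pt = crypt(Cipher.DECRYPT_MODE, Arrays.copyOf(in, IV_LEN), in, IV_LEN, in.length - IV_LEN);
        return new String(pt, StandardCharsets.UTF_8);
    }
}
```

The key has to be kept somewhere other than the datasource file itself; if both sit side by side, the encrypted value protects no more than the encoded one.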
2 comments:
It is really not a concern. If they get to your datasource files, they have already penetrated your network. Next, it is not encryption, it is encoding, base 64. Not a difficult thing to hack, just one iteration. So it is wrong info. Not accurate info being shared by you.
You want to encrypt the DB password so that when the web server is hacked, it doesn't give up the keys to the DB. The webserver is outward facing, the DB should not be. Keeping the passwords encrypted makes sense.
Regarding the encryption method, I agree -- use something stronger than base64. I just threw that in there as an example.