ashuji
asked on
Secure Oracle DB Username & Password in Tomcat 6
Hi
I am using Oracle RAC as backend with Tomcat 6. I am storing, oralce username & password as simple text as in example below:
DBConfig.JDBCURL=jdbc:orac le:thin:@( descriptio n=(address _list=(loa d_balance= on)(failov er=on)(add ress=(prot ocol=tcp)( host=Oracl e_Server_N ame-vip)(p ort=1521)) (address=( protocol=t cp)(host=O RACLE_SERV ER_Virtual _IP)(port= 1521)))(co nnect_data =(service_ name=NAME_ of_SERVICE )(failover _mode=(typ e=select)( method=bas ic))))
DBConfig.Username=DB_USERN AME
DBConfig.Password=DB_PASSW ORD
Please suggest the way where I could keep the password in encrypted format.
Regards
Ashwani Jain
I am using Oracle RAC as backend with Tomcat 6. I am storing, oralce username & password as simple text as in example below:
DBConfig.JDBCURL=jdbc:orac
DBConfig.Username=DB_USERN
DBConfig.Password=DB_PASSW
Please suggest the way where I could keep the password in encrypted format.
Regards
Ashwani Jain
The web.xml configuration file for the webapp is a good place. Or you can create a separate properties file and read that when the webapp initializes.
ASKER
HI
I could not undersatnd the suggestion, please elaborate, it would be helpful if you could identify the step by step commands and file changes that are required to generate the encrypted DB password and then use that encrypted password in config file. Like steps mentioned in link belwo for JBoss:
https://community.jboss.org/wiki/EncryptingDataSourcePasswords
I could not undersatnd the suggestion, please elaborate, it would be helpful if you could identify the step by step commands and file changes that are required to generate the encrypted DB password and then use that encrypted password in config file. Like steps mentioned in link belwo for JBoss:
https://community.jboss.org/wiki/EncryptingDataSourcePasswords
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
HI mrcoffee365
This article (http://scribblejava.wordpress.com/2010/03/23/encrypt-username-and-password-for-jndi-in-tomcat-server-xml/) was helpful, but there are few question about it, since I am not developoer but just a Linux Admin, don't know how to do followings:
1. Create JAR as mentioned, it would be helpful if you could suggest exact commands
2. Generate encrypted code for password - no commands are mentioned.
This article (http://scribblejava.wordpress.com/2010/03/23/encrypt-username-and-password-for-jndi-in-tomcat-server-xml/) was helpful, but there are few question about it, since I am not developoer but just a Linux Admin, don't know how to do followings:
1. Create JAR as mentioned, it would be helpful if you could suggest exact commands
2. Generate encrypted code for password - no commands are mentioned.
The article gives the command to create a jar. I don't think you will be able to make this work unless you can get a programmer to work with you. If you don't know how to create an encrypted password, then the whole thing is not going to do you any good.
We don't do programming for people here at EE, we answer questions. I was able to answer you -- Tomcat doesn't have the capability you are looking for.
We don't do programming for people here at EE, we answer questions. I was able to answer you -- Tomcat doesn't have the capability you are looking for.
ASKER
I am still trying to get with DEV to to have JAR file created. In the mean time can you help me understand how to secure Login Credentials MSSQL DB in case.
Great. Award points on this question, since I answered it for you, and then you can ask another question on EE which doesn't have anything to do with Java or Tomcat. Your question now is about MSSQL database (not Oracle any more?) so you need some different experts looking at your new question.
ASKER
...