I've thought about adding encryption support in the modeler, but just
haven't gotten around to it. The basic idea would be a public/private
key approach. Cayenne would supply the public key and you'd enter the
private key in the modeler (which wouldn't be saved) and then the
encrypted password would be stored in the .xml. Of course, you'd have
to provide the private key somehow in your application (so Cayenne could
decrypt the passwords), but since everyone would use a different
approach to providing this data, it would at least be more obscure than
"go look in the XML file" and provide a bit more security. Plan B, of
course, is to use JNDI. :-) But, JNDI wouldn't work too well for
desktop applications.
I don't think a discussion of this would be too off-topic if there is
any interest.
Thanks,
/ dev/mrg
-----Original Message-----
From: Tomi NA [mailto:hefes..mail.com]
Sent: Thursday, February 16, 2006 5:10 PM
To: cayenne-use..bjectstyle.org
Subject: username/password in node xml definition
I've seen the issue come up a couple of years ago so maybe this
is just a confirmation request.
What is the recommended way to initialize the DataContext with
runtime username/password setting?
Doing web app development, this kind of initialization was good:
Configuration.getSharedConfiguration().getDomain().createDataContext()
A plaintext file containing a password on every users hard drive
is a recipe for trouble.
TIA,
Tomislav
This archive was generated by hypermail 2.0.0 : Fri Feb 17 2006 - 11:42:49 EST