Re: username/password in node xml definition

From: Andrus Adamchik (andru..bjectstyle.org)
Date: Fri Feb 17 2006 - 11:58:49 EST

    In practical terms the encryption idea seems no different from
    entering the DB password every time you start an app (1. you still have
    to enter some key; 2. no plaintext password is stored on the hard
    drive). And you can already do the latter with a custom
    DataSourceFactory.

    So IMO the most straightforward solution that addresses password
    security is

    * use JNDI for web apps
    * use custom DataSourceFactory that pops up a login dialog for
    desktop apps

    (Tomislav: a custom org.objectstyle.cayenne.conf.DataSourceFactory
    implementation class can be entered for the DataNode using
    "DataSource Factory" field in the Modeler)

    Andrus

    On Feb 17, 2006, at 11:42 AM, Gentry, Michael ((Contractor)) wrote:

    > I've thought about adding encryption support in the modeler, but
    > just haven't gotten around to it. The basic idea would be a public/
    > private key approach. Cayenne would supply the public key and
    > you'd enter the private key in the modeler (which wouldn't be
    > saved) and then the encrypted password would be stored in
    > the .xml. Of course, you'd have to provide the private key somehow
    > in your application (so Cayenne could decrypt the passwords), but
    > since everyone would use a different approach to providing this
    > data, it would at least be more obscure than "go look in the XML
    > file" and provide a bit more security. Plan B, of course, is to
    > use JNDI. :-) But, JNDI wouldn't work too well for desktop
    > applications.
    >
    > I don't think a discussion of this would be too off-topic if there
    > is any interest.
    >
    > Thanks,
    >
    > / dev/mrg
    >
    > -----Original Message-----
    > From: Tomi NA [mailto:hefes..mail.com]
    > Sent: Thursday, February 16, 2006 5:10 PM
    > To: cayenne-use..bjectstyle.org
    > Subject: username/password in node xml definition
    >
    > I've seen the issue come up a couple of years ago so maybe this is
    > just a confirmation request.
    > What is the recommended way to initialize the DataContext with
    > runtime username/password setting?
    > Doing web app development, this kind of initialization was good:
    > Configuration.getSharedConfiguration().getDomain().createDataContext()
    > A plaintext file containing a password on every user's hard drive is
    > a recipe for trouble.
    >
    > TIA,
    > Tomislav
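
As an added example, not part of the original thread or of Cayenne's code: a `javax.sql.DataSource` that a custom DataSourceFactory could return for desktop apps, prompting for the login at first use so that no password is stored on disk. The class name `PromptingDataSource` and the JDBC URL passed to it are hypothetical, a current JDK is assumed, and the wiring into a DataSourceFactory implementation is not shown.

```java
import java.io.PrintWriter;
import java.sql.*;
import java.util.Arrays;
import java.util.logging.Logger;
import javax.sql.DataSource;
import javax.swing.*;

/** Hypothetical DataSource: credentials come from a login dialog, never from a file. */
public class PromptingDataSource implements DataSource {
    private final String jdbcUrl;  // supplied by the caller; no credentials embedded
    private String user;
    private char[] password;       // held in memory only, wiped by forget()

    public PromptingDataSource(String jdbcUrl) { this.jdbcUrl = jdbcUrl; }

    private void promptIfNeeded() throws SQLException {
        if (password != null) return;  // already entered during this run
        JTextField userField = new JTextField(20);
        JPasswordField passField = new JPasswordField(20);
        Object[] form = {"User:", userField, "Password:", passField};
        int choice = JOptionPane.showConfirmDialog(null, form, "Database login",
                JOptionPane.OK_CANCEL_OPTION, JOptionPane.PLAIN_MESSAGE);
        if (choice != JOptionPane.OK_OPTION) throw new SQLException("Login cancelled");
        user = userField.getText();
        password = passField.getPassword();
    }

    public synchronized Connection getConnection() throws SQLException {
        promptIfNeeded();
        try {
            // JDBC requires a String here; the char[] remains the only long-lived copy.
            return getConnection(user, new String(password));
        } catch (SQLException e) {
            forget();  // connection failed (e.g. bad credentials): prompt again next time
            throw e;
        }
    }

    public Connection getConnection(String u, String p) throws SQLException {
        return DriverManager.getConnection(jdbcUrl, u, p);
    }

    /** Wipes the cached password, for example on logout. */
    public synchronized void forget() {
        if (password != null) Arrays.fill(password, '\0');
        password = null;
    }

    // Remaining DataSource methods: minimal implementations.
    public PrintWriter getLogWriter() { return null; }
    public void setLogWriter(PrintWriter out) { }
    public void setLoginTimeout(int seconds) { }
    public int getLoginTimeout() { return 0; }
    public Logger getParentLogger() throws SQLFeatureNotSupportedException {
        throw new SQLFeatureNotSupportedException();
    }
    public <T> T unwrap(Class<T> iface) throws SQLException { throw new SQLException("Not a wrapper"); }
    public boolean isWrapperFor(Class<?> iface) { return false; }
}
```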


