Maybe someone who's using cayenne in a desktop application could
submit a PromptingDataSourceFactory (which is properly
view-renderer-agnostic) and we could add it to cayenne. It's been
asked for enough. Maybe also a swing or awt default implementation of
the delegate or strategy pattern prompter.
At minimum, it'd hide some of the low-level cayenne details of doing
this from the end-developer.
On 2/17/06, Andrus Adamchik <andru..bjectstyle.org> wrote:
> In practical terms the encryption idea seems no different from
> entering DB password every time you start an app ( 1. you still have
> to enter some key; 2. no plaintext password is stored on the hard
> drive). And you can already do the later with a custom
> DataSourceFactory.
>
> So IMO the most straightforward solution that addresses password
> security is
>
> * use JNDI for web apps
> * use custom DataSourceFactory that pops up a login dialog for
> desktop apps
>
> (Tomislav: a custom org.objectstyle.cayenne.conf.DataSourceFactory
> implementation class can be entered for the DataNode using
> "DataSource Factory" field in the Modeler)
>
> Andrus
>
> On Feb 17, 2006, at 11:42 AM, Gentry, Michael ((Contractor)) wrote:
>
> > I've thought about adding encryption support in the modeler, but
> > just haven't gotten around to it. The basic idea would be a public/
> > private key approach. Cayenne would supply the public key and
> > you'd enter the private key in the modeler (which wouldn't be
> > saved) and then the encrypted password would be stored in
> > the .xml. Of course, you'd have to provide the private key somehow
> > in your application (so Cayenne could decrypt the passwords), but
> > since everyone would use a different approach to providing this
> > data, it would at least be more obscure than "go look in the XML
> > file" and provide a bit more security. Plan B, of course, is to
> > use JNDI. :-) But, JNDI wouldn't work too well for desktop
> > applications.
> >
> > I don't think a discussion of this would be too off-topic if there
> > is any interest.
> >
> > Thanks,
> >
> > / dev/mrg
> >
> > -----Original Message-----
> > From: Tomi NA [mailto:hefes..mail.com]
> > Sent: Thursday, February 16, 2006 5:10 PM
> > To: cayenne-use..bjectstyle.org
> > Subject: username/password in node xml definition
> >
> > I've seen the issue come up a couple of years ago so maybe this is
> > just a confirmation request.
> > What is the recommended way to initialize the DataContext with
> > runtime username/password setting?
> > Doing web app development, this kind of initialization was good:
> > Configuration.getSharedConfiguration().getDomain().createDataContext()
> > A plaintext file containing a password on every users hard drive is
> > a recipe for trouble.
> >
> > TIA,
> > Tomislav
>
>
This archive was generated by hypermail 2.0.0 : Fri Feb 17 2006 - 12:09:25 EST