On 2/17/06, Andrus Adamchik <andru..bjectstyle.org> wrote:
>
> In practical terms the encryption idea seems no different from
> entering DB password every time you start an app ( 1. you still have
> to enter some key; 2. no plaintext password is stored on the hard
> drive). And you can already do the latter with a custom
> DataSourceFactory.
>
> So IMO the most straightforward solution that addresses password
> security is
>
> * use JNDI for web apps

Why is this? I've read a bit about JNDI - very little, I'll admit - but
haven't learned anything that would obviously eliminate it as a possible
solution, aside from the fact that adding yet another new technology (new =
I haven't used it before on a project) would add too heavy a burden to the
work still left.

> * use custom DataSourceFactory that pops up a login dialog for
> desktop apps

Ideally, I'd like no one except a server root to have access to the database
login info. In that respect, JNDI seemed a natural solution: let's put all
the application-level login information into a, say, LDAP directory, and
allow identified users to get an already initialized DataSource...or
something like that. :)

t.n.a.
This archive was generated by hypermail 2.0.0 : Sat Feb 18 2006 - 14:29:02 EST