[OPENJPA-1089] Provide for password encryption within persistence.xml - ASF JIRA

XML

Word

Printable

JSON

Details

Type: New Feature
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 1.3.0, 2.0.0
Fix Version/s: 1.3.0, 2.0.0-M3
Component/s: jpa
Labels:
None

Patch Info:

Patch Available

Description

A recent discussion on our users forum [1] has surfaced (again) the need to encrypt the password fields in the persistence.xml. In the particular scenario outlined in the posting, this user wanted to encrypt the password sent into Apache DBCP via the url string. In my mind, that's a separate problem related to DBCP.

But, OpenJPA has openjpa.Connection*Password properties that could be encrypted. And, the new JPA 2 spec outlines a javax.persistence.jdbc.password property that would be nice to encrypt.

I'm opening this Issue as a Feature request, but it could also be considered a bug since a non-jndi environment is crippled from a security standpoint.

[1] http://n2.nabble.com/How-to-encrypt-DB-password-in-persistence.xml-td2868212.html

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

OPENJPA-1089-2.patch
03/Aug/09 15:54
16 kB
Richard G. Curtis
OPENJPA-1089.PATCH
23/Jul/09 18:56
11 kB
Richard G. Curtis

Activity

People

Assignee:: Michael Dick

Reporter:: Kevin W. Sutter

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 15/May/09 14:55

Updated:: 09/Mar/10 18:31

Resolved:: 16/Sep/09 15:36