Uploaded image for project: 'OpenJPA'
  1. OpenJPA
  2. OPENJPA-1089

Provide for password encryption within persistence.xml

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.3.0, 2.0.0
    • Fix Version/s: 1.3.0, 2.0.0-M3
    • Component/s: jpa
    • Labels:
      None
    • Patch Info:
      Patch Available

      Description

      A recent discussion on our users forum [1] has surfaced (again) the need to encrypt the password fields in the persistence.xml. In the particular scenario outlined in the posting, this user wanted to encrypt the password sent into Apache DBCP via the url string. In my mind, that's a separate problem related to DBCP.

      But, OpenJPA has openjpa.Connection*Password properties that could be encrypted. And, the new JPA 2 spec outlines a javax.persistence.jdbc.password property that would be nice to encrypt.

      I'm opening this Issue as a Feature request, but it could also be considered a bug since a non-jndi environment is crippled from a security standpoint.

      [1] http://n2.nabble.com/How-to-encrypt-DB-password-in-persistence.xml-td2868212.html

        Attachments

        1. OPENJPA-1089-2.patch
          16 kB
          Rick Curtis
        2. OPENJPA-1089.PATCH
          11 kB
          Rick Curtis

          Activity

            People

            • Assignee:
              mikedd Michael Dick
              Reporter:
              kwsutter Kevin Sutter
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: