RE: Password Encryption

I needed to use the following technique to solve a similar challenge recently and, though seemingly obvious, I found no references on the web.  I cannot give it a full stamp of approval but it is working for us so far:

1)      Extend the iBatis class SimpleDataSourceFactory:
public class YourClass extends SimpleDataSourceFactory { … }

2)      Find a way to override access to the property JDBC.Password [sorry that I cannot take the time to do this for you but if memory serves, you should be able to do this]

3)      Modify your configuration as follows [note that JDBC.Password is missing because it will presumably be retrieved at runtime]:

 

    <transactionManager type="JDBC" >

        <dataSource type="your.package.YourClass">

            <property name="JDBC.Driver" value="${jdbc.driver}"/>

            <property name="JDBC.ConnectionURL" value="${jdbc.url}"/>

            <property name="JDBC.Username" value="${jdbc.user}"/>

            <property name="JDBC.DefaultAutoCommit" value="true"/>

        </dataSource>

    </transactionManager>

 

 

 

I'm using SIMPLE transactionmanager

 

    <transactionManager type="JDBC" >

        <dataSource type="SIMPLE">

            <property name="JDBC.Driver" value="${jdbc.driver}"/>

            <property name="JDBC.ConnectionURL" value="${jdbc.url}"/>

            <property name="JDBC.Username" value="${jdbc.user}"/>

            <property name="JDBC.Password" value="${jdbc.password}"/>

            <property name="JDBC.DefaultAutoCommit" value="true"/>

        </dataSource>

    </transactionManager>

 

 

 

Depending on the DataSource you are using, you might be able extend that class to override a particular property/method call.  Can you describe your iBatis configuration? (i.e. sqlMap.xml, are you using Spring, what datasource are you using)

 

 

Hello,

 

I have encrypted password in properties file.

 

To decrypt I have to call a function.

 

How can I make ibatis call this function to get decrypted password before making jdbc connection?

 

Thanks

Ejaz

This email is confidential and subject to important disclaimers and conditions including on offers for the purchase or sale of securities, accuracy and completeness of information, viruses, confidentiality, legal privilege, and legal entity disclaimers, available at http://www.jpmorgan.com/pages/disclosures/email.

This email is confidential and subject to important disclaimers and conditions including on offers for the purchase or sale of securities, accuracy and completeness of information, viruses, confidentiality, legal privilege, and legal entity disclaimers, available at http://www.jpmorgan.com/pages/disclosures/email.