Jasypt Users Forum

hibernate and jasypt: password is saved?


hibernate and jasypt: password is saved?

by GhostPa

Hi all,
I am a newbie to jasypt.
I have a question.
Is it necessary to store the password used for the encryption method in my web application, or does the user just insert the password at runtime?
Thanks all.

Re: hibernate and jasypt: password is saved?

by subversion

Good question. You have to provide a password anyway in your application, either hardcoded in the app source or read from a keystore protected by another password.

How to make the password to the keystore safe is another question.



GhostPa wrote:
Hi all,
I am a newbie to jasypt.
I have a question.
Is it necessary to store the password used for the encryption method in my web application, or does the user just insert the password at runtime?
Thanks all.

Re: hibernate and jasypt: password is saved?

by bubenik

+------------------------+
  Jasypt Users List      
  http://www.jasypt.org 
+------------------------+
Hi,

There are several options:
- provide encryption pwd in properties file (readable for all)
- provide encryption pwd as system property: then you have it somewhere in the start scripts of your application, again readable for all
- provide encryption pwd in class file: You may think of providing an implementation of org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig
- provide encryption pwd in java keystore: not perfect but pretty good choice
- manual input on startup: probably most secure but then you cannot start your app server automatically

What to do is an endless debate and depends strongly on your requirements - as always. See for example this page (http://www.j2eegeek.com/blog/2005/08/22/are-clear-text-passwords-better-than-2-way-encrypted-passwords/) for a snippet of this discussion.

Hope this helps

Greetings Wolf

-----Original Message-----
From: GhostPa [mailto:peppe.fabio@...]
Sent: Thursday, 23 July 2009 15:53
To: jasypt-users@...
Subject: [jasypt-users] hibernate and jasypt: password is saved?

Hi all,
I am a newbie to jasypt.
I have a question.
Is it necessary to store the password used for the encryption method in my web application, or does the user just insert the password at runtime?
Thanks all.
--
View this message in context: http://www.nabble.com/hibernate-and-jasypt%3A-password-is-saved--tp24626193s21332p24626193.html
Sent from the Jasypt - Users mailing list archive at Nabble.com.


------------------------------------------------------------------------------
_______________________________________________
jasypt-users mailing list
jasypt-users@...
https://lists.sourceforge.net/lists/listinfo/jasypt-users
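
Two of the options listed in the last reply (a password taken from the process environment through EnvironmentStringPBEConfig, and manual input on startup), as an added example that is not code from the thread or from the Jasypt project. The class name `EncryptorBootstrap` and the variable name `APP_ENCRYPTION_PASSWORD` are assumptions made for illustration.

```java
import java.io.Console;
import java.util.Arrays;
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
import org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig;

public class EncryptorBootstrap {
    // Assumed variable name: set it for the service account only,
    // never in a properties file or start script kept with the source.
    static final String PASSWORD_ENV = "APP_ENCRYPTION_PASSWORD";

    // Unattended start: the password comes from the environment.
    static StandardPBEStringEncryptor fromEnvironment() {
        if (System.getenv(PASSWORD_ENV) == null) {
            // Fail closed rather than falling back to a built-in password.
            throw new IllegalStateException(PASSWORD_ENV + " is not set");
        }
        EnvironmentStringPBEConfig config = new EnvironmentStringPBEConfig();
        config.setPasswordEnvName(PASSWORD_ENV); // reads the variable now
        // The algorithm is left at the library default here; pick one your
        // JCE provider supports with config.setAlgorithm(...).
        StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor();
        encryptor.setConfig(config);
        return encryptor;
    }

    // Attended start: an operator types the password, nothing is stored.
    static StandardPBEStringEncryptor fromConsole() {
        Console console = System.console();
        if (console == null) {
            throw new IllegalStateException("no interactive console attached");
        }
        char[] typed = console.readPassword("Encryption password: ");
        StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor();
        encryptor.setPassword(new String(typed)); // String copy stays on the heap
        Arrays.fill(typed, '\0');                 // wipe the array we control
        return encryptor;
    }

    public static void main(String[] args) {
        StandardPBEStringEncryptor encryptor =
                System.getenv(PASSWORD_ENV) != null ? fromEnvironment() : fromConsole();
        // Constructed sample value, round-tripped to show the encryptor works.
        String stored = encryptor.encrypt("constructed-sample-value");
        System.out.println("stored form: " + stored);
        System.out.println("round trip ok: "
                + "constructed-sample-value".equals(encryptor.decrypt(stored)));
    }
}
```

Either encryptor can then be handed to whatever layer needs it, for instance Jasypt's Hibernate integration; the password itself never appears in the application's files.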