File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Object Relational Mapping and the fly likes Hiding password value from persistance.xml Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Databases » Object Relational Mapping
Bookmark "Hiding password value from persistance.xml" Watch "Hiding password value from persistance.xml" New topic
Author

Hiding password value from persistance.xml

AmitKumar Dutta
Greenhorn

Joined: Sep 27, 2010
Posts: 14
Hi
I am using JPA(Hibernate) as ORM. My Persistance xml looks like
<persistence-unit name="JPATestPU" transaction-type="RESOURCE_LOCAL">
<provider>org.hibernate.ejb.HibernatePersistence</provider>
<properties>
<property name = "hibernate.connection.driver_class" value = "oracle.jdbc.driver.OracleDriver"/>
<property name = "hibernate.connection.url" value = "jdbcracle:thin:@100.100.100.100:1521:ecprod"/>
<property name = "hibernate.connection.username" value = "abcd"/>
<property name = "hibernate.connection.password" value = "*******"/>
</properties>
</persistence-unit>
I do not want to display the password in this xml file. Is there any way to hide thi password value.
Thanks in advance.

Amit
Paul Sturrock
Bartender

Joined: Apr 14, 2004
Posts: 10336

You could programatically configure this if you really feel this is an issue.

JavaRanch FAQ HowToAskQuestionsOnJavaRanch
AmitKumar Dutta
Greenhorn

Joined: Sep 27, 2010
Posts: 14
Thanks Paul..
Any pointer how to configure programatically.
AmitKumar Dutta
Greenhorn

Joined: Sep 27, 2010
Posts: 14
Hi All
Following is the java code :

Map properties = new HashMap();
properties.put("hibernate.connection.password", "password");

emf = Persistence.createEntityManagerFactory("MyJPA", properties);

Thanks
Amit
David Newton
Author
Rancher

Joined: Sep 29, 2008
Posts: 12617

Why don't you want it in the persistence file?

If your hypothetical "bad people" have access to that file, they already have access to your machine, and you're already way more screwed than if they just had access to the DB.
AmitKumar Dutta
Greenhorn

Joined: Sep 27, 2010
Posts: 14
Yes, correct I understand your point.
But the requirement is not display username, password in the XML .
I am thinking if
1) I could encrypt the password and place it in a properties file
2) use a datasource thru jndi
Can anyone suggest any standard way?
Thanks
Amit
David Newton
Author
Rancher

Joined: Sep 29, 2008
Posts: 12617

Requirements like that usually come from people that don't know what they're talking about. It'd be easier to configure a JNDI resource.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Hiding password value from persistance.xml