File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes JBoss/WildFly and the fly likes Hardcode password in jboss file Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » JBoss/WildFly
Bookmark "Hardcode password in jboss file" Watch "Hardcode password in jboss file" New topic
Author

Hardcode password in jboss file

Siti Mahani Abdul Karim
Greenhorn

Joined: Nov 22, 2007
Posts: 3
Hi all,

i am newbie in jboss. i need to study how to avoid hardcode application id password in jboss file.. and i also not sure where this file is located.

it's running on AS400 using DB2.

anyone can share with me on this? all ideas are welcome.

Thanks a lot

Nonie :roll:
Jaikiran Pai
Marshal

Joined: Jul 20, 2005
Posts: 10288
    
168

Are you refering to the datasource files (*-ds.xml) which contain the password of the database user? If so, you can avoid mentioning the password in plain string there. Follow the instructions at EncryptingDataSourcePasswords

Let us know, if you were looking for something else.


[My Blog] [JavaRanch Journal]
Siti Mahani Abdul Karim
Greenhorn

Joined: Nov 22, 2007
Posts: 3
Hi Jaikiran..

Thanks for your reply. by using the command, so dont have to hardcode the password? correct me if im wrong, jboss is application server software right? so how does this jboss file talk to database and why sometimes the programmer hardcode the application id password ? they claim that they must put the password in clear text . is it true?

i almost fainted...

thanks a lot

Nonie
Jaikiran Pai
Marshal

Joined: Jul 20, 2005
Posts: 10288
    
168

Originally posted by Siti Mahani Abdul Karim:

Thanks for your reply. by using the command, so dont have to hardcode the password?


Yes, following that approach, you dont have to have passwords in clear text.

Originally posted by Siti Mahani Abdul Karim:
correct me if im wrong, jboss is application server software right?

Yes that's right.

Originally posted by Siti Mahani Abdul Karim:
so how does this jboss file talk to database


You configure a datasource which contains details about the database server and the database and the JDBC driver. JBoss then allows applications to use this information to talk to the database through the driver.

Originally posted by Siti Mahani Abdul Karim:
and why sometimes the programmer hardcode the application id password ? they claim that they must put the password in clear text . is it true?


In a development environment, having passwords as clear text causes not much harm. And since there is no additional step involved (to encrypt passwords), developers prefer having the password as clear text. But in production environment, encryption of the password (using the steps mentioned in my earlier post) is necessary.
Siti Mahani Abdul Karim
Greenhorn

Joined: Nov 22, 2007
Posts: 3
Hi Jaikiran,

ok thanks a lot, really useful info. just want to know, is this also applicable for SQL server?

Thanks

-Nonie
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Hardcode password in jboss file