File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
Win a copy of Clojure in Action this week in the Clojure forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Hardcode password in jboss file

 
Siti Mahani Abdul Karim
Greenhorn
Posts: 3
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi all,

i am newbie in jboss. i need to study how to avoid hardcode application id password in jboss file.. and i also not sure where this file is located.

it's running on AS400 using DB2.

anyone can share with me on this? all ideas are welcome.

Thanks a lot

Nonie :roll:
 
Jaikiran Pai
Marshal
Pie
Posts: 10444
227
IntelliJ IDE Ubuntu
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Are you refering to the datasource files (*-ds.xml) which contain the password of the database user? If so, you can avoid mentioning the password in plain string there. Follow the instructions at EncryptingDataSourcePasswords

Let us know, if you were looking for something else.
 
Siti Mahani Abdul Karim
Greenhorn
Posts: 3
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Jaikiran..

Thanks for your reply. by using the command, so dont have to hardcode the password? correct me if im wrong, jboss is application server software right? so how does this jboss file talk to database and why sometimes the programmer hardcode the application id password ? they claim that they must put the password in clear text . is it true?

i almost fainted...

thanks a lot

Nonie
 
Jaikiran Pai
Marshal
Pie
Posts: 10444
227
IntelliJ IDE Ubuntu
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Siti Mahani Abdul Karim:

Thanks for your reply. by using the command, so dont have to hardcode the password?


Yes, following that approach, you dont have to have passwords in clear text.

Originally posted by Siti Mahani Abdul Karim:
correct me if im wrong, jboss is application server software right?

Yes that's right.

Originally posted by Siti Mahani Abdul Karim:
so how does this jboss file talk to database


You configure a datasource which contains details about the database server and the database and the JDBC driver. JBoss then allows applications to use this information to talk to the database through the driver.

Originally posted by Siti Mahani Abdul Karim:
and why sometimes the programmer hardcode the application id password ? they claim that they must put the password in clear text . is it true?


In a development environment, having passwords as clear text causes not much harm. And since there is no additional step involved (to encrypt passwords), developers prefer having the password as clear text. But in production environment, encryption of the password (using the steps mentioned in my earlier post) is necessary.
 
Siti Mahani Abdul Karim
Greenhorn
Posts: 3
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Jaikiran,

ok thanks a lot, really useful info. just want to know, is this also applicable for SQL server?

Thanks

-Nonie
 
I agree. Here's the link: http://aspose.com/file-tools
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic