2 Replies. Latest reply: Apr 27, 2016 9:20 PM by Namrata Shah

    Alternative place to define database connection details other than datawatchvdd xml

    Namrata Shah

      Hi,

       

      Generally we set the database connection as follows in the datawatchvdd xml file:

      <Resource name="jdbc/mySQLsakila"
      auth="Container"
      type="javax.sql.DataSource"
      maxActive="100"
      maxIdle="30"
      maxWait="10000"
      username="yourMySQLusername"
      password="yourMySQLpassword"
      driverClassName="com.mysql.jdbc.Driver"
      url="jdbc:mysql://127.0.0.1:3306/sakila"/>

      Is there any other way/place to do this, because this might not be secure?

      The question is coming purely from the security perspective. Certain app servers provide the flexibility to define JNDI through an admin console. With Datawatch server being on Tomcat, we are currently defining JNDI details in the datawatchvdd.xml file. Do we have any other secure way to define it?

        • Re: Alternative place to define database connection details other than datawatchvdd xml
          Edrun Yuen

          Hi Namrata,

           

          This is not something that is covered by the functionality in our product. Instead, it is part of the general Tomcat management and functionality.

           

          As a workaround you can encrypt your passwords; however, encrypting passwords is just moving the problem somewhere else.

           

          Anyway, it's quite simple. Just write a class with static fields for your secret key and so on, and static methods to encrypt and decrypt your passwords. Encrypt your password in Tomcat's configuration file (server.xml or yourapp.xml...) using this class.

           

          And to decrypt the password "on the fly" in Tomcat, extend the DBCP's BasicDataSourceFactory and use this factory in your resource.

           

          It will look like:

           

            <Resource name="jdbc/myDataSource"
                      auth="Container"
                      type="javax.sql.DataSource"
                      username="user"
                      password="encryptedpassword"
                      driverClassName="driverClass"
                      factory="mypackage.MyCustomBasicDataSourceFactory"
                      url="jdbc:blabla://..."/>

          And for the custom factory:

          package mypackage;

          import java.util.Hashtable;
          import javax.naming.Context;
          import javax.naming.Name;
          import org.apache.tomcat.dbcp.dbcp.BasicDataSource;

          public class MyCustomBasicDataSourceFactory extends org.apache.tomcat.dbcp.dbcp.BasicDataSourceFactory {

              @Override
              public Object getObjectInstance(Object obj, Name name, Context nameCtx, Hashtable environment) throws Exception {
                  // Let DBCP build the data source from the <Resource> attributes first.
                  Object o = super.getObjectInstance(obj, name, nameCtx, environment);
                  if (o != null) {
                      BasicDataSource ds = (BasicDataSource) o;
                      // Swap the encrypted password from the config for the decrypted one.
                      if (ds.getPassword() != null && ds.getPassword().length() > 0) {
                          String pwd = MyPasswordUtilClass.unscramblePassword(ds.getPassword());
                          ds.setPassword(pwd);
                      }
                      return ds;
                  } else {
                      return null;
                  }
              }
          }

          Since this is a part of Tomcat, I would recommend looking for topics on the Web that would provide you with some ideas that might be helpful as well.

           

          Hope this helps.
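
An added example, not part of the reply above and not Datawatch or Tomcat code: one way the `MyPasswordUtilClass` helper called by the custom factory could look, using AES-GCM and reading the key from a file named by a JVM system property instead of a static field, so the key sits outside the configuration file and can carry its own file permissions. The `db.keyfile` property name, the `scramblePassword` method and the Base64 key-file format are assumptions made for this example.

```java
package mypackage;

import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public final class MyPasswordUtilClass {
    // Assumption: -Ddb.keyfile=<path> names a file holding a Base64-encoded 128- or 256-bit AES key.
    private static final String KEY_FILE_PROP = "db.keyfile";
    private static final int IV_LEN = 12, TAG_BITS = 128;

    private static SecretKeySpec loadKey() throws Exception {
        String path = System.getProperty(KEY_FILE_PROP);
        if (path == null) throw new IllegalStateException(KEY_FILE_PROP + " is not set");
        byte[] raw = Base64.getDecoder().decode(
            new String(Files.readAllBytes(Paths.get(path)), StandardCharsets.US_ASCII).trim());
        return new SecretKeySpec(raw, "AES");
    }

    // Produces the value to place in the Resource's password attribute: Base64(IV || ciphertext || tag).
    public static String scramblePassword(String plain) throws Exception {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv); // fresh IV per encryption, required for GCM
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, loadKey(), new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(
            ByteBuffer.allocate(iv.length + ct.length).put(iv).put(ct).array());
    }

    // Called by the custom factory; throws AEADBadTagException if the stored value was altered.
    public static String unscramblePassword(String encoded) throws Exception {
        byte[] in = Base64.getDecoder().decode(encoded);
        if (in.length < IV_LEN + TAG_BITS / 8) throw new IllegalArgumentException("value too short");
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, loadKey(), new GCMParameterSpec(TAG_BITS, in, 0, IV_LEN));
        return new String(c.doFinal(in, IV_LEN, in.length - IV_LEN), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception { // run from an interactive terminal
        System.out.println(scramblePassword(new String(System.console().readPassword("DB password: "))));
    }
}
```

The key file should be readable only by the account that runs Tomcat; anyone who can read both that file and the configuration can still recover the password.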