
Thread: Database Password in Clear Text in the domain.xml File


Replies: 3 - Last Post: May 27, 2006 4:04 PM by: km105526
delacova

Posts: 2
Database Password in Clear Text in the domain.xml File
Posted: May 27, 2006 12:58 PM

When I created a database connection pool, I observed that the password for the database is in clear text in the domain.xml file. This is a security violation at many companies. Is there a way to secure the database password?

Thanks

Delacova

km105526

Posts: 173
Re: Database Password in Clear Text in the domain.xml File
Posted: May 27, 2006 2:31 PM   in response to: delacova

Yes. There is a way by which you could hide this password or
avoid displaying it in clear text in domain.xml. But before we
even go there, note that on good operating systems
like Solaris, the domain creation process for GlassFish
takes care of setting the permissions of this file to 0600.
And dare I say that the highest form of security is derived
from the platform and its file system. Once you compromise
that, you are hosed anyway.

But in large enterprises, it might be the case that
domain.xml needs to be shared and hence storing passwords
of any kind in clear is not a good idea.

Fortunately, we have a solution, and that is called
creating password aliases, where a JCEKS keystore
called "domain-passwords" is created in the domain/config
folder and then it is "referenced" from domain.xml using
a special notation like: "${ALIAS=alias1}". The alias,
alias1, is an encrypted entry in the store "domain-passwords".

Please check out the commands:
- asadmin create-password-alias (http://tinyurl.com/gom3l)

Let me know if you want to know more. I am assuming that
you are familiar with what is called the master password
and its use. In GlassFish, it is kinda an understated
password with a default value of "changeit". It is the
primary key with which the keystore (keystore.jks)
is locked.

Regards,
Kedar
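
An added example, not part of the original post and not GlassFish's own tooling: a small audit that flags connection-pool password properties in a domain.xml that are not `${ALIAS=...}` references, and checks that the file mode is 0600 as described in the reply above. The sample XML is constructed, and its element and property names (`jdbc-connection-pool`, `property name="Password"`) are assumptions about the file layout.

```python
import os
import re
import stat
import tempfile
import xml.etree.ElementTree as ET

# A value is acceptable only if it is an alias reference such as ${ALIAS=alias1}.
ALIAS_RE = re.compile(r"^\$\{ALIAS=[^}]+\}$")

# Constructed sample input; layout is an assumption, not copied from a real domain.
SAMPLE = """<domain>
  <resources>
    <jdbc-connection-pool name="OrdersPool">
      <property name="User" value="orders"/>
      <property name="Password" value="s3cret"/>
    </jdbc-connection-pool>
    <jdbc-connection-pool name="BillingPool">
      <property name="User" value="billing"/>
      <property name="Password" value="${ALIAS=alias1}"/>
    </jdbc-connection-pool>
  </resources>
</domain>
"""

def audit_domain_xml(path):
    """Return findings for loose file modes and clear-text pool passwords."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # any group/other bit set means the file is not 0600
        findings.append(f"{path}: mode {mode:04o} grants group/other access, expected 0600")
    root = ET.parse(path).getroot()
    for pool in root.iter("jdbc-connection-pool"):
        for prop in pool.iter("property"):
            name, value = prop.get("name", ""), prop.get("value", "")
            # The password value itself is never echoed into the finding.
            if "password" in name.lower() and value and not ALIAS_RE.match(value):
                findings.append(f"pool {pool.get('name')}: property {name} is not a ${{ALIAS=...}} reference")
    return findings

def demo():
    """Write the constructed sample with mode 0644 and audit it."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "domain.xml")
        with open(path, "w") as fh:
            fh.write(SAMPLE)
        os.chmod(path, 0o644)
        return audit_domain_xml(path)

if __name__ == "__main__":
    print("\n".join(demo()))
```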

delacova

Posts: 2
Re: Database Password in Clear Text in the domain.xml File
Posted: May 27, 2006 3:17 PM   in response to: km105526

Kedar,
Thanks for the information. I am not familiar with the master password and its use that you suggested. But, you pointed me in the right direction, and I can go read more about it.

Thanks again.

Delacova

km105526

Posts: 173
Re: Database Password in Clear Text in the domain.xml File
Posted: May 27, 2006 4:04 PM   in response to: delacova

Delacova,

Good. Thank you.

Regards,
Kedar



