Password encryption in Jackrabbit

Question

I am currently standing up a Liferay portal instance. Liferay uses Jackrabbit as its document repository management system. To configure Jackrabbit, I had to put in my database access URL, user name, and password into the repository.xml file. However, one certification check I have to pass is that there cannot be passwords stored in plain text files. So my question is how do I encrypt the password field in my Jackrabbit repository.xml file. Thanks.

If you use a database to store the repository data, then the repository.xml file contains database passwords. If the database supports connecting with the password hash instead of connecting with the plain text password, would that solve the problem? — Thomas Mueller, Aug 18 '10 at 18:00

score 2 · Answer 1 · answered Jul 16 '10 at 10:36

2

Maybe using JNDI solves the problem: http://wiki.apache.org/jackrabbit/UsingJNDIDataSource

answered Jul 16 '10 at 10:36

Thomas Mueller

48,905
14
116
132

score 1 · Answer 2 · answered Jun 06 '11 at 19:11

1

Per Liferay support the version of Jackrabbit in 5.2.x EE (that we use with Oracle backend) has a bug with using JNDI calls.

answered Jun 06 '11 at 19:11

Vanita

11
1

Password encryption in Jackrabbit

2 Answers2