0

We are using tomcat jdbc pool in our project. The connection pool configuration is

<Resource name="jdbc/cc" auth="Container" type="javax.sql.DataSource" username="xx" password="plain text"
  driverClassName="com.mysql.jdbc.Driver" url="jdbc:mysql://localhost:3306/xx?autoReconnect=true&amp;useUnicode=true&amp;characterEncoding=utf8"
  maxActive="50" maxIdle="25" minIdle="10" maxWait="10000"  testOnBorrow="true" 
  validationQuery="SELECT 1" factory="org.apache.tomcat.jdbc.pool.DataSourceFactory"/>

We want to use encrypted DB password in configuration rather than plain text. How we can do this, please help me on this. ( we know how to do this if we are using tomcat dbcp, but the same implementation is not working for tomcat jdbc)

Anoop Issac
  • 27
  • 7
  • Your question is unclear, you have not provided enough detail. You never have to _decrypt_ a password, you encrypt the user's input and compare that with the stored encrypted password. – Jim Garrison Jan 30 '17 at 16:55
  • You might be focusing on a symptom rather than the underlying issue. There should be a limited number of trusted people that have access to the server. For example, developers need access to server log files, but should not have access to configuration files (or anything else). Yes, this causes some pain. But it increases your overall security and helps support audits if you're in a regulated business. – Andrew S Jan 30 '17 at 19:05
  • 1
    Later, I found this solution,https://github.com/Sewatech/swutils/blob/master/tc-utils/src/main/java/fr/sewatech/tcutils/jdbc/EncryptedDataSourceFactory.java – Anoop Issac Jan 31 '17 at 10:02

0 Answers0