3

I never seen this but I wondering if somebody has come across. Having a web server which access a database. I want to pass the database password encrypted and have spring context decrypting it before setting the datasource. I know the spring security can do some of this like using a salt file in the web server, etc.

The challenge here is that I don't want to give a clear user,password,url to the web server team. Just an encrypted password and have spring decrypted before using it.

Is there something like this already? I know I could code something but is it already done?

Thanks

Fabio
  • 555
  • 3
  • 9
  • 24
  • Already answered in http://security.stackexchange.com/questions/1711/storing-private-asymmetric-key-in-application-binary/ ? – AngerClown Jan 19 '12 at 21:05
  • @AngerClown I got 3/4th and I did not see the question reflected, but I think the answers could be surprisingly similar. – Maarten Bodewes Jan 19 '12 at 23:23
  • Hi Fabio & welcome. Would the encrypted password have less access to the database then the plain password? If that's not the case, then your encrypted password does not provide any security, it's basically a new, less readable, plain password. – Maarten Bodewes Jan 19 '12 at 23:25
  • I actually found the answer at: http://stackoverflow.com/questions/3423135/how-to-use-encrypted-password-in-apache-basicdatasource – Fabio Jan 19 '12 at 23:54

3 Answers3

4

By using an org.jasypt.properties.EncryptableProperties object, an application would be able to correctly read and use a .properties file like this:

 datasource.driver=com.mysql.jdbc.Driver
 datasource.url=jdbc:mysql://localhost/reportsdb
 datasource.username=reportsUser
 datasource.password=ENC(G6N718UuyPE5bHyWKyuLQSm02auQPUtm)

Note that the database password is encrypted (in fact, any other property could also be encrypted, be it related with database configuration or not).

More information :

http://www.jasypt.org/encrypting-configuration.html

Abhishek Ranjan
  • 911
  • 1
  • 14
  • 29
  • why arent you using spring. datasource.password=ENC(G6N718UuyPE5bHyWKyuLQSm02auQPUtm) but datasource.password ? – valik Dec 19 '19 at 08:45
  • The post is old , where it's using Hibernate as a provider you can use spring.<> if you are on Spring Boot or latest versions of Spring . – Abhishek Ranjan Apr 07 '20 at 21:37
1

I actually found exactly what I was looking for in this thread:

How to use encrypted password in apache BasicDataSource? Here are the details from jasyp http://www.jasypt.org/spring3.html

Community
  • 1
  • 1
Fabio
  • 555
  • 3
  • 9
  • 24
0

This problem and solution to it is explained here..(link)

db.Properties.

#driverClassName=oracle.jdbc.driver.OracleDriver
#url=jdbc:oracle:thin:@localhost:1521:XE
#username=ITEM_INVENTORY
driverClassName=com.mysql.jdbc.Driver
url=jdbc:mysql://localhost:3306/ITEM_INVENTORY?zeroDateTimeBehavior=convertToNull

username=root

  1. Encrypt db.Properties

      ##password=cGFzc3dvcmQ=
  password=cm9vdA==

The spring beans configuration for the datasource would look like this (here you may use only password part)

  1. spring-beans.xml 

    <bean id="dataSource" destroy-method="close"  class="org.apache.commons.dbcp.BasicDataSource">
    <property name="driverClassName" value="db#[driverClassName]" />
    <property name="url" value="db#[url]" />
    <property name="username" value="db#[username]" />
    <property name="password" value="encryptedDb#[password]" />
 </bean>  
 <bean id="dbPropertyPlaceholder" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">  
 <property name="locations">  
     <list>  
       <value>classpath:db.properties</value>  
     </list>  
  </property>  
     <property name="placeholderPrefix" value="db#[" />
     <property name="placeholderSuffix" value="]" />  
  </bean>  
  <bean id="encryptedDbPropertyPlaceholder"  class="com.inventory.api.util.DecryptPropertyConfigurer">  
    <property name="locations">  
       <list>  
          <value>classpath:encryped_db.properties</value>  
       </list>  
    </property>  
    <property name="placeholderPrefix" value="encryptedDb#[" />  
    <property name="placeholderSuffix" value="]" /&gt;  
  </bean>

And so on.. please refer given link for more information..

MarmiK
  • 5,639
  • 6
  • 40
  • 49
Kayalvizhi NoorulAmeen
  • 38
  • 4
  • While this link may answer the question, it is better to include the essential parts of the answer [here](http://meta.stackexchange.com/a/8259) and provide the link for reference. Link-only answers can become invalid if the linked page changes. Adding the same link to often might be seen as spam. – bummi Apr 11 '14 at 09:29