1

I have Spring JPA configuration as below

<bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close" > <property name="driverClassName" value="${jdbc.driverClassName}" /> <property name="url" value="${jdbc.url}" /> <property name="username" value="${jdbc.username}" /> <property name="password" value="${jdbc.password}" /> </bean> <bean id="emf" class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean" > <property name="dataSource" ref="dataSource" /> <property name="jpaVendorAdapter" ref="vendorAdaptor" /> <property name="packagesToScan" value="pk.training.model"/> <property name="jpaProperties"> <props> ... <prop key="hibernate.show_sql">true</prop> </props> </property> </bean>

I have properties file in which i have password like 

jdbc.password=abc123

When my application runs, spring context loads and makes connection to database. Fine. Now I want to ask suppose i give password in encrypted form, like

jdbc.password=$53ytg#@!

Now how JPA connect to database ? Is there any property by which JPA handles encrypted password by itself or I have to do some thing on my own ?

Thanks.

Improve this question
2

1 Answer 1

Reset to default
1

You have to do this your own. Security wise, it doesn't add much, though. An attacker can

  1. Set a breakpoint in Spring, wait until the bean is created and read the password from the field
  2. Look at your code, find out where you store the key to decrypt the DB password, extract and use your code to decrypt it
  3. Since most DB driver don't encrypt the data exchanged between your app and the database by default, your password (and all the data) is sent as plain text over the wire (unless the database is on the same server as your application).

So in most scenarios, the thing to do is to put the DB user and password in a file on your server's disk and make sure only authorized people can access this file (plus your app can read it). Encrypting the password only adds obscurity, no real security.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.