Kevin Kocher
Official support for storing the jdbc.default.password encrypted
October 30, 2012 2:12 PM

Not sure if I'm doing this correctly, but in reference to this thread:
http://www.liferay.com/community/forums/-/message_boards/view_message/12080537#_19_message_12080076

Either something in Liferay that officially supports storing the DB password encrypted in the portal-ext.properties file, or at least a callout that would allow me to decrypt the value and send it back during startup.

We have client requirements that absolutely will never allow plaintext passwords stored on disk no matter what the file permissions are.
Thanks for your consideration.
Jorge Ferrer
RE: Official support for storing the jdbc.default.password encrypted
November 13, 2012 5:02 AM
LIFERAY STAFF


Hi Kevin,

We've considered adding this in the past, but we ended up concluding that when this type of security is needed, you should use a DataSource and most app servers already have support for encryption of passwords. If we implemented it for portal.properties it would be yet another key to keep and distribute.

Makes sense?
Hitoshi Ozawa
RE: Official support for storing the jdbc.default.password encrypted
November 13, 2012 5:25 AM

I agree with Jorge on this. Just use a datasource to define the database connection information and encrypt the password there.

JBoss:
https://community.jboss.org/wiki/JBossAS7SecuringPasswords

Tomcat:
http://stackoverflow.com/questions/129160/how-to-avoid-storing-passwords-in-the-clear-for-tomcats-server-xml-resource-def
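
The approach recommended in the two replies above, shown as an added example (not part of the original thread and not Liferay's own documentation): portal-ext.properties with the cleartext credentials beside the JNDI form. The pool name `jdbc/LiferayPool`, the database URL and the credentials are constructed for illustration.

```properties
# --- Before: connection defined in portal-ext.properties (constructed values) ---
# The database password sits in cleartext on disk next to the portal.
#jdbc.default.driverClassName=com.mysql.jdbc.Driver
#jdbc.default.url=jdbc:mysql://db.example.internal/lportal
#jdbc.default.username=liferay
#jdbc.default.password=EXAMPLE-PLAINTEXT-PASSWORD

# --- After: delegate the connection to the application server ---
# Liferay looks the pool up through JNDI, so no jdbc.default.password (or any
# other jdbc.default.* connection setting) remains in this file. The DataSource
# named here is declared in the application server, where its password is
# protected with that server's own mechanism (see the JBoss and Tomcat links
# above). The pool name is an assumption; it must match the server-side name.
jdbc.default.jndi.name=jdbc/LiferayPool
```

The decryption key or vault used by the application server still has to live somewhere the server can read at startup, which is the key-distribution point Jorge raises.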
Kevin Kocher
RE: Official support for storing the jdbc.default.password encrypted
December 4, 2012 6:47 AM

Great, I will take a look at that information. It's a feature I wasn't aware of.
Thank you both for the explanation on this.