Sensitive data in persistence.xml

Question

Sensitive data in persistence.xml

Asked 7 years, 10 months ago

Viewed 77 times

1

I am using JPA in my application and so I have a file persistence.xml which contains the connection data to my database:

<property name="javax.persistence.jdbc.url" value="jdbc:postgresql://localhost/banco" />
<property name="javax.persistence.jdbc.user" value="admin" />
<property name="javax.persistence.jdbc.password" value="123456" />
<property name="javax.persistence.jdbc.driver" value="org.postgresql.Driver" />
<property name="hibernate.dialect" value="org.hibernate.dialect.PostgreSQL9Dialect" />

I wouldn’t like to commit passwords and users in plain text, so I would like to know if anyone knows any ELEGANT alternative to manage the sensitive data of my application, some encryption mechanism, for example.

If you are going to use the solution together with a versioning system, I recommend a look at this project, which happens to be from Stackexchange: https://github.com/StackExchange/blackbox

– Bacco

2016/08/28 at 16:32
If you use a full Javaee Enterprise container configuration and management is in charge of the container, Tomcat is also used JNDI to name these resources

– Dilnei Cunha

2016/08/28 at 17:04
1

I think JNDI in this case would be ideal for me. I prefer to leave the container (Tomcat) this control of sensitive data. Thanks for the tips! :)

– Giuliana Bezerra

2016/08/28 at 21:29

1 answer

Browser other questions tagged jpa jpa-2.0

You are not signed in. Login or sign up in order to post.

by Giuliana Bezerra • **3,707** points · Answer 1 · 2016-08-28T21:30:57+00:00

Solved using JNDI. I prefer to leave this control of sensitive data to the container (Tomcat).