Is there any way to protect the password in .xml using Spring

Is there any way to protect the database password in the -servlet.xml file using Spring?

<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
  <property name="driverClassName"><value>com.mysql.jdbc.Driver</value></property>
  <property name="url"><value>jdbc:mysql:///BUSINESS</value></property>
  <property name="username"><value>root</value></property>
  <property name="password"><value>password</value></property>
</bean>


Built-in, no. But you can check this blogpost which shows how to extend the DataSource to provide AES encryption of the passwords.

Another approach might be to extend PropertyPlaceholderConfigurer and handle the AES (or RSA) encryption of the properties.

However, as noted in the comments of the linked blogpost, having the cipher key stored in the same file does not add significant security - it only adds obfuscation. So in both approaches above you have to obtain the AES/RSA key from another location, possibly accessible only for the user under which your application server is started (this has to do with OS security).
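
One way to implement the PropertyPlaceholderConfigurer approach from the answer above, as an added example that is not part of the original answers or the linked blog post: property values written as ENC(base64) are decrypted with AES-GCM using a key read from a separate file. The class name, the ENC(...) marker, the keyFile property and the IV-then-ciphertext layout are assumptions of this example.

```java
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.springframework.beans.factory.config.PropertyPlaceholderConfigurer;

/**
 * Added example (hypothetical class, not Spring's or the blog post's code).
 * Register it as a bean in place of the stock PropertyPlaceholderConfigurer,
 * set "location" to the properties file and "keyFile" to a key stored elsewhere,
 * readable only by the application server's OS user.
 */
public class DecryptingPlaceholderConfigurer extends PropertyPlaceholderConfigurer {

    private static final String PREFIX = "ENC(";  // assumed marker for encrypted values
    private static final int IV_LEN = 12;         // assumed layout: 12-byte IV, then ciphertext+tag
    private String keyFile;                       // assumed: file holding the Base64 AES key

    public void setKeyFile(String keyFile) {
        this.keyFile = keyFile;
    }

    /** Spring calls this for every loaded property value before placeholders are resolved. */
    @Override
    protected String convertPropertyValue(String originalValue) {
        if (originalValue == null || !originalValue.startsWith(PREFIX) || !originalValue.endsWith(")")) {
            return originalValue;  // plain values pass through unchanged
        }
        try {
            String b64 = originalValue.substring(PREFIX.length(), originalValue.length() - 1);
            byte[] blob = Base64.getDecoder().decode(b64);
            byte[] key = Base64.getDecoder().decode(
                    new String(Files.readAllBytes(Paths.get(keyFile)), StandardCharsets.US_ASCII).trim());
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"),
                    new GCMParameterSpec(128, blob, 0, IV_LEN));
            // GCM verifies the tag, so a tampered value or a wrong key fails here.
            return new String(cipher.doFinal(blob, IV_LEN, blob.length - IV_LEN), StandardCharsets.UTF_8);
        } catch (Exception e) {
            // Keep the value and key material out of the exception message.
            throw new IllegalStateException("Cannot decrypt an ENC(...) property", e);
        }
    }
}
```

With this in place the bean definition can use a placeholder such as ${db.password} (a hypothetical property name) instead of the literal password, and the protection still rests on the OS permissions of the key file.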


The approach often taken for this is to have the password stored in an external properties file on the production machine. Access to this file can then be restricted.

See here for how to configure the Spring part of this:

property-placeholder location from another property
