
All times are UTC - 5 hours [ DST ]



Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 3 posts ] 
Author Message
 Post subject: Encrypt password in hibernate.cfg.xml
PostPosted: Sun Nov 20, 2005 12:14 am 
Newbie

Joined: Sat Aug 06, 2005 12:14 am
Posts: 5
Hibernate version:
3.0.2

How do I encrypt the password in hibernate.cfg.xml? Our operations engineer doesn't allow plain-text passwords in the production system.

Thanks


 Post subject:
PostPosted: Sun Nov 20, 2005 8:33 am 
Newbie

Joined: Sun Oct 09, 2005 6:36 am
Posts: 19
I suppose you can do something like this

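Code:
// Load the config file first so the stored (encrypted) value can be read.
Configuration loConfig = new Configuration().configure(file);
String loPassword = loConfig.getProperty("hibernate.connection.password");
// decrypt() and someKey stand for your own routine and key source.
loPassword = decrypt(loPassword, someKey);
loConfig.setProperty("hibernate.connection.password", loPassword);
// Build the factory from the in-memory configuration that now holds the decrypted value.
SessionFactory loFactory = loConfig.buildSessionFactory();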


But this won't make your code secure. It just makes it a bit more difficult to get the password. You need to get the key from somewhere. It is either hardcoded or in a config file (I assume you don't want to enter it each time your program starts). So instead of reading the code in the Hibernate config file, I need to copy the whole program, set a breakpoint in Configuration.configure and I have your DB password. Yes, it is better than a plaintext password, but if someone wants it he can have it in no time.

I would rather make sure that no one but the admin can access your config files. If someone has access to that file you have already lost.


 Post subject: Re: Encrypt password in hibernate.cfg.xml
PostPosted: Thu Mar 20, 2014 3:22 pm 
Newbie

Joined: Thu Mar 20, 2014 1:24 pm
Posts: 3
Hi,

I have created a simple standalone Java file to test if I can encrypt the DB password in the hibernate.cfg.xml file using Jasypt.
If it works fine, I am planning to use the same in my Java batch application. Following is my hibernate.cfg.xml file:
hibernate.cfg.xml:
******************
<hibernate-configuration>
    <session-factory>
        <property name="connection.provider_class">
            org.jasypt.hibernate4.connectionprovider.EncryptedPasswordDriverManagerConnectionProvider
        </property>
        <property name="connection.encryptor_registered_name">configurationHibernateEncryptor</property>
        <property name="connection.url">
            the connection URL
        </property>
        <property name="hibernate.connection.driver_class">oracle.jdbc.driver.OracleDriver</property>
        <property name="hibernate.connection.username">DB_USERNAME</property>
        <property name="hibernate.connection.password">ENC(mU6zwQrTrGsCucU4u3GW28PLuzPjwm)</property>
        <property name="dialect">org.hibernate.dialect.OracleDialect</property>
        <mapping resource="Emp.hbm.xml"/>
    </session-factory>
</hibernate-configuration>

Java Code:
***********
import java.util.Iterator;
import java.util.List;

import org.hibernate.HibernateException;
import org.hibernate.Session;
import org.hibernate.SessionFactory;
import org.hibernate.Transaction;
import org.hibernate.cfg.Configuration;
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
import org.jasypt.hibernate4.encryptor.HibernatePBEEncryptorRegistry;

public class HibernateDemo {
    private static SessionFactory factory;

    public static void main(String[] args) {
        // Encryptor used to decrypt the ENC(...) value from hibernate.cfg.xml.
        StandardPBEStringEncryptor strongEncryptor = new StandardPBEStringEncryptor();
        strongEncryptor.setAlgorithm("PBEWithMD5AndDES");
        strongEncryptor.setPassword("root1");
        // Register it under the name given in connection.encryptor_registered_name.
        HibernatePBEEncryptorRegistry registry = HibernatePBEEncryptorRegistry.getInstance();
        registry.registerPBEStringEncryptor("configurationHibernateEncryptor", strongEncryptor);
        try {
            factory = new Configuration().configure().buildSessionFactory();
        } catch (Throwable ex) {
            System.err.println("Failed to create sessionFactory object." + ex);
            throw new ExceptionInInitializerError(ex);
        }
        HibernateDemo ME = new HibernateDemo();
        ME.listEmployees();
    }

    public void listEmployees() {
        Session session = factory.openSession();
        Transaction tx = null;
        try {
            tx = session.beginTransaction();
            List employees = session.createQuery("FROM Emp").list();
            for (Iterator iterator = employees.iterator(); iterator.hasNext();) {
                Emp employee = (Emp) iterator.next();
                System.out.print("First Name: " + employee.getFirstName());
                System.out.print(" Last Name: " + employee.getLastName());
            }
        } catch (HibernateException e) {
            //if (tx!=null) tx.rollback();
            e.printStackTrace();
        } finally {
            session.close();
        }
    }
}

When I execute the program I am getting following exception:
ERROR: ORA-01017: invalid username/password; logon denied

org.hibernate.QueryTimeoutException: Could not open connection
at org.hibernate.exception.internal.SQLStateConversionDelegate.convert(SQLStateConversionDelegate.java:151)
at org.hibernate.exception.internal.StandardSQLExceptionConverter.convert(StandardSQLExceptionConverter.java:49)
at org.hibernate.engine.jdbc.spi.SqlExceptionHelper.convert(SqlExceptionHelper.java:125)
at org.hibernate.engine.jdbc.spi.SqlExceptionHelper.convert(SqlExceptionHelper.java:110)
at org.hibernate.engine.jdbc.internal.LogicalConnectionImpl.obtainConnection(LogicalConnectionImpl.java:221)
at org.hibernate.engine.jdbc.internal.LogicalConnectionImpl.getConnection(LogicalConnectionImpl.java:157)
at org.hibernate.engine.transaction.internal.jdbc.JdbcTransaction.doBegin(JdbcTransaction.java:67)
at org.hibernate.engine.transaction.spi.AbstractTransactionImpl.begin(AbstractTransactionImpl.java:160)
at org.hibernate.internal.SessionImpl.beginTransaction(SessionImpl.java:1426)
at org.ets.HibernateDemo.listEmployees(HibernateDemo.java:74)
at org.ets.HibernateDemo.main(HibernateDemo.java:53)
Caused by: java.sql.SQLException: ORA-01017: invalid username/password; logon denied

at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:445)
at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:389)
at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:382)
at oracle.jdbc.driver.T4CTTIfun.processError(T4CTTIfun.java:600)
at oracle.jdbc.driver.T4CTTIoauthenticate.processError(T4CTTIoauthenticate.java:445)
at oracle.jdbc.driver.T4CTTIfun.receive(T4CTTIfun.java:450)
at oracle.jdbc.driver.T4CTTIfun.doRPC(T4CTTIfun.java:192)
-----------------------
---------------------

I am not able to figure out where exactly I have gone wrong. Any help on this is highly appreciated.
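
Added example (not part of the original posts, and not Jasypt or Hibernate project code): a startup guard that combines the second post's advice to restrict access to the config file with the Jasypt setup from the third post, reading the encryptor password from an environment variable instead of hard-coding it and checking that the ENC(...) text decrypts before Hibernate is configured. The class name `EncryptedConfigGuard`, the variable name `APP_JASYPT_PASSWORD` and the two command-line arguments are assumptions.

```java
import java.io.IOException;
import java.nio.file.*;
import java.nio.file.attribute.PosixFilePermission;
import java.util.EnumSet;
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
import org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig;
import org.jasypt.exceptions.EncryptionOperationNotPossibleException;
import org.jasypt.hibernate4.encryptor.HibernatePBEEncryptorRegistry;
public class EncryptedConfigGuard {
    // Assumed name of the environment variable holding the Jasypt password.
    static final String KEY_ENV = "APP_JASYPT_PASSWORD";
    // Fails if group or others can read or write the file (POSIX file systems only).
    static void requireOwnerOnly(Path cfg) throws IOException {
        EnumSet<PosixFilePermission> loose = EnumSet.noneOf(PosixFilePermission.class);
        loose.addAll(Files.getPosixFilePermissions(cfg));
        loose.retainAll(EnumSet.of(PosixFilePermission.GROUP_READ, PosixFilePermission.GROUP_WRITE,
                PosixFilePermission.OTHERS_READ, PosixFilePermission.OTHERS_WRITE));
        if (!loose.isEmpty()) {
            throw new SecurityException(cfg + " is accessible beyond its owner: " + loose);
        }
    }

    // Builds the encryptor with its password taken from the environment, not from source.
    static StandardPBEStringEncryptor encryptorFromEnv() {
        if (System.getenv(KEY_ENV) == null) {
            throw new IllegalStateException(KEY_ENV + " is not set");
        }
        EnvironmentStringPBEConfig config = new EnvironmentStringPBEConfig();
        config.setAlgorithm("PBEWithMD5AndDES"); // as in the post; MD5 and DES are weak choices
        config.setPasswordEnvName(KEY_ENV);
        StandardPBEStringEncryptor enc = new StandardPBEStringEncryptor();
        enc.setConfig(config);
        return enc;
    }

    public static void main(String[] args) throws IOException {
        // args[0]: path to hibernate.cfg.xml; args[1]: the text between ENC( and ).
        requireOwnerOnly(Paths.get(args[0]));
        StandardPBEStringEncryptor enc = encryptorFromEnv();
        try {
            enc.decrypt(args[1]); // result is deliberately neither printed nor logged
        } catch (EncryptionOperationNotPossibleException e) {
            throw new IllegalStateException("ENC value does not decrypt with this key/algorithm", e);
        }
        // Same name as connection.encryptor_registered_name; build the SessionFactory after this.
        HibernatePBEEncryptorRegistry.getInstance()
                .registerPBEStringEncryptor("configurationHibernateEncryptor", enc);
    }
}
```

A failure in the decrypt check points at a key, algorithm or ciphertext mismatch on the Jasypt side rather than at Hibernate or the database; the environment variable is still readable by anyone who can inspect the process, which is the limit the second post describes.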


© Copyright 2014, Red Hat Inc. All rights reserved. JBoss and Hibernate are registered trademarks and servicemarks of Red Hat, Inc.