is there a way to encrypt the connection.password?

acoronasz · **Joined:** Mon Feb 27, 2006 6:47 pm **Posts:** 8

I want to have an encrypted password and have hibernate decrypt it before it opens the DB connection. Is this possible? if so how do I do it?

Thanks

jt_1000 · **Posted:** Tue Mar 14, 2006 8:12 pm

use a JNDI datasource if you want to protect the password.
Or you can pass your own Connection object to the session in the session.reconnect(...).

FMcGeough · **Joined:** Tue Oct 25, 2005 12:32 pm **Posts:** 13

If you are writing a standalone program you can use the following syntax to hide the password.

<property name="hibernate.connection.password">${secret.db.password}</property>

This special syntax (the dollar sign and squirrely braces) tells Hibernate to get the password out of the System properties using the string (secret.db.password in the above example) as the key instead of just interpreting the string as the plain text password. You can shove this value into the System properties before you build the SessionFactory after obtaining it from some encrypted source.

See this location http://java.sun.com/docs/books/tutorial/essential/system/properties.html for information on System properties.

If you search through the Hibernate code for ${ you can see the class that does that the interpretation. I don't have the code in front of me right now so I can't recall where it is.

Good luck.

jt_1000 · **Posted:** Wed Mar 15, 2006 12:52 pm

by the way - this does not "encrypt" anything... (as noted in his comments).

Quote:

after obtaining it from some encrypted source.

It is a way to pass the password, without it being hard coded into the conf file. You still have to setup the password as a command line option by defining a system property (with -Dprop=passwrd) or by loading some properties file (just as secure as the original problem of having it in a hib config file). Then if you use -D on command line it is available to the process table, where everyone on that machine (in unix & perhaps windows) can read the password in plain text.

The easy way to ensure that it is properly encrypted is through JNDI and Datasource.

If you were to use the System.property way, as a complete recommendation for using -D would be to explain how an ecrypted password would get to your program (again available plain-text).

In this light - One way to accomplish this is to encrypt a properties file and then decrypt the entire file in your program startup, and load the property and setup that one property in the system properties. Obviously, you'd have to roll your own encrypt/decrypt of the file and load/set property.

There are lots of other ways.. since all you really need to do is to get the plain text into your program, via streams..etc. and then setup your property with System.setProperty(...);

(I edited my answer).