Encrypting password for c3p0 ComboPooledDataSource

admin

Administrator
Staff member
I currently have a server.xml configuration which has the following in it

Code:
<Resource auth="Container"
    description="DB Connection"
    driverClass="oracle.jdbc.driver.OracleDriver"
    maxPoolSize="40"
    minPoolSize="2"
    aquireIncrement="1"
    name="jdbc/FOOBAR"
    user="foo"
    password="bar"
    factory="org.apache.naming.factory.BeanFactory"
    type="com.mchange.v2.c3p0.ComboPooledDataSource"
    jdbcUrl="path:to:db:port:db" />

I have a requirement to no longer allow the username/password to be in clear text in the server.xml file for obvious reasons.

I've read a bit online and came across <a href="http://java.sys-con.com/node/393364/print" rel="nofollow">How to Secure Tomcat Database Passwords for Java
</a> <a href="http://scribblejava.wordpress.com/2...e-and-password-for-jndi-in-tomcat-server-xml/" rel="nofollow">Encrypt username and password for JNDI in Tomcat Server.xml</a> and many other pages; however, I'm a bit stuck.

I first looked at extendind the BasicDataSourceFactory - but it seems that can't occur due to my using c3p0 CombinedPooledDataSource. I then looked at trying to create a c3p0 datasource wrapper by implementing PooledDataSource, Serializable and Referenceable but that didn't work either.

I read I could move the authentication to the server side by making auth="Container" => auth="Application". However, I'm not sure of how to implemet the rest of the pieces with my using Hibernate.

Any help would be great.