Obfuscating the database password

It is likely that you do not want to expose the password in the JDBC URL in database configuration file database-config.xml. For this reason, Guidewire provides the following alternatives for hiding the database password:

Use a password file

See Use a password file to obfuscate the database password

Implement the Database Authentication Plugin

To hide the password in the JDBC URL in database-config.xml, Guidewire provides a default implementation of the DBAuthenticationPlugin authentication plugin. The use of this plugin implementation provides a higher level of security than the use of an external file to store the password.

Use this plugin to define a custom method that returns the user name and password in a format that the database system recognizes.

For information on implementing the DBAuthenticationPlugin plugin in your environment, see Database authentication plugins.

Use a JNDI data source

You can configure PolicyCenter to use a JNDI data source for your database connection on any of the following application servers:

  • JBoss
  • WebLogic
  • WebSphere

The JNDI data source uses a Java 2 Connector (J2C) authentication alias to store the user name and password.

See also Configure PolicyCenter to use a direct JNDI data source.