Use a password file to obfuscate the database password
About this task
To hide the password in the JDBC URL, you can place the password in an external file and reference this file from the database-config.xml file.
Procedure
-
Add the
password-fileattribute to the<dbcp-connection-pool>element within the<database>element. -
Set the value of
password-fileto the absolute path of the password file. -
Replace the
passwordvalue in thejdbc-urlconnection specification with a${password}placeholder.At run time, PolicyCenter reads the password from the file.
Results
After you complete this process, your database specification looks similar to the following:
- Oracle
-
<database name="PolicyCenterDatabase" driver="dbcp" dbtype="oracle"> <dbcp-connection-pool jdbc-url="jdbc:oracle:thin:USER/${password}@ORACLEDB:PORT:INSTANCE" password-file="c:\secure\password.txt" /> </database> - SQL Server
-
<database name="PolicyCenterDatabase" driver="dbcp" dbtype="sqlserver"> <dbcp-connection-pool jdbc-url="jdbc:sqlserver://HOSTNAME:1433;databaseName=pc; user=pcUser;password=${password}" password-file="c:\secure\password.txt" /> </database>