Another beginner question. Is there a standard way for Hibernate apps to secure the database password? I'm not allowed to simply store the password in plain text in the hibernate.cfg.xml file and if there is a generally accepted practice for how to do this then I'd prefer to use it rather than invent my own.
Well, first, move the jdbc "loggin" stuff out of your hibernate config file and create a DataSource on your app or web server. But the config for the datasource will have that information, but it is pretty well secure. Someone can't just connect to your server and get that file, unless they already have the permission you need to actually know the password anyway.