Which way is better for holding database connection parameters?

 
Arash Babak
Hi,
I'm using the JSF framework. I can let NetBeans create the persistence unit and hardcode the connection parameters into the persistence.xml file, or I can use a resource tag in the context.xml file, or use another file such as a properties file or a class to hold connection parameters like username and password. What is the most secure or expert way to use connection properties in my app, or is there no difference?

Thanks in advance.
 
Mohamed Sanaulla
We generally keep it in a config properties file, read that properties file at runtime and construct the connection objects. Putting it in a class means that you would have to build the code each time you change it, but with a properties file you can always edit the file and restart your app.

None of the ways mentioned are secure, as it is not secure to keep your password in plain text. If you are sure that the password in plain text cannot be accessed by unauthorized people and the exception messages don't contain the connection details, then you might want to keep them in the properties file. Another approach would be to make use of a key server, where the password would be stored against a key and the key would be stored in the properties file.
 
Arash Babak
Thanks, Mohamed.
I'm new to JSF and Java web programming.
You mentioned the exception messages that contain the connection details. Can the application put them in the exception messages by itself? If so, how can I prevent it?
I'll keep it in the properties file, but where should I put the keys so that the application can use them for connecting to the DB? In the persistence.xml file or in the context.xml? Can you give me an example of that?
 
Tim Holloway
I don't do any of the above.

I use connection pools, which are defined external to the web application. Thus, sensitive connection information isn't stored within the web application itself. This also allows me to use the same WAR for both test and production machines, since I don't have to rebuild it with test/production database connection parameters.

Plus, with a connection pool, all connections are shared and tuneable for all participants in the pool. For an ORM system such as Hibernate/JPA that's not as big a consideration as it is for free-form JDBC-based apps, but it's still something else you can control without making code changes.
 
Arash Babak
Thank you Tim,
My app is a simple app with just two admin users who want to control their workshop. But can you give me some references from which I can learn about making connection pools and using them for the connection details in TomEE?
 
Tim Holloway
Pooled connections are part of the J2EE standard and documentation can be found in any good book on J2EE. The exact configuration details depend on what server you are using.

TomEE is supposed to be an EJB container. So if it's properly compliant, the EJBs would have to have those mechanisms as part of the EJB implementation itself, not that basic Tomcat didn't support them anyway.
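
An added example, not part of the original posts: a container-defined pool looked up through JNDI, as Tim Holloway describes, with the SQL error detail kept in the server log rather than in the message a user sees. It assumes Tomcat-style `<Resource>` syntax; the resource name `jdbc/WorkshopDB`, the class `WorkshopDao` and the table `work_order` are hypothetical.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.sql.DataSource;

/*
 * Pool defined in the server, outside the WAR (Tomcat-style syntax, e.g. in
 * conf/context.xml; all values are placeholders):
 *
 *   <Resource name="jdbc/WorkshopDB" auth="Container" type="javax.sql.DataSource"
 *             driverClassName="DRIVER_CLASS" url="JDBC_URL"
 *             username="DB_USER" password="DB_PASSWORD"/>
 *
 * persistence.xml then names the pool instead of holding credentials:
 *   <non-jta-data-source>java:comp/env/jdbc/WorkshopDB</non-jta-data-source>
 */
public class WorkshopDao {
    private static final Logger LOG = Logger.getLogger(WorkshopDao.class.getName());
    private static final String JNDI_NAME = "java:comp/env/jdbc/WorkshopDB"; // hypothetical

    private final DataSource pool;

    public WorkshopDao() throws NamingException {
        // The container resolves the name; the application never sees URL or password.
        pool = (DataSource) new InitialContext().lookup(JNDI_NAME);
    }

    /** Returns the number of rows in the hypothetical table work_order. */
    public int countOrders() {
        String sql = "SELECT COUNT(*) FROM work_order";
        // try-with-resources returns the connection to the pool even on failure
        try (Connection c = pool.getConnection();
             PreparedStatement ps = c.prepareStatement(sql);
             ResultSet rs = ps.executeQuery()) {
            return rs.next() ? rs.getInt(1) : 0;
        } catch (SQLException e) {
            // Driver messages can include host, database or user names:
            // keep them in the server log and give callers a generic error.
            LOG.log(Level.SEVERE, "Database error in countOrders", e);
            throw new IllegalStateException("Data is temporarily unavailable");
        }
    }
}
```

The password is still plain text in the server's configuration, so that file's permissions should restrict it to the account that runs the server.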
 
Arash Babak
Thanks, Tim.
 