Storing database credentials for RCP application

[glenn2041]

Hi all,
I'm developing an Eclipse RCP application that uses five separate databases & ldap. It'll be deployed via WebStart into our internal network from an instance of WebSphere. The problem is that storing unsecured credentials for use by BasicDataSource's & Spring LDAP are a security issue. This is obviously not an option to deploy with.

What are your suggestions as how to solve this problem?
Cheers

[tirtzab]

You can use the BasicTextEncryptor to encrypt the password in a properties file that the BasicDataSource is configured to use

Code:

<bean id="fillInProperties" class="org.jasypt.spring.properties.EncryptablePropertyPlaceholderConfigurer">
		<constructor-arg ref="BasicTextEncryptor"/>
		<property name="location">
			<value>resources/site.properties</value>
		</property>
	</bean>

	<bean id="BasicTextEncryptor" class="org.jasypt.util.text.BasicTextEncryptor">
		<property name="password">
			<value>psW%$enc6</value>
		</property>
	</bean>


	<bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close">
		<property name="driverClassName">
			<value>oracle.jdbc.driver.OracleDriver</value>
		</property>
		<property name="url">
			<value>${ds.url}</value>
		</property>
		<property name="username">
			<value>${ds.username}</value>
		</property>
		<property name="password">
			<value>${ds.password}</value>
		</property>
	</bean>