Cannot encrypt password in configuration file
Solution 1
This is not the proper way to do it but solves.
StandardPBEStringEncryptor encryptor =new StandardPBEStringEncryptor();
encryptor.setPassword("somePass");
encryptor.setAlgorithm("PBEWITHMD5ANDDES");
Configuration configuration = new Configuration().configure();
String pass=encryptor.decrypt(configuration.getProperty("hibernate.connection.password"));
configuration.setProperty("hibernate.connection.password",pass);
And in hibernate.cfg
<property name="connection.username">sa</property>
<property name="connection.password">Nzuyhu5PJJwsVH3mdw==</property>
Solution 2
You might try this:
StandardPBEStringEncryptor strongEncryptor = new StandardPBEStringEncryptor();
strongEncryptor.setPassword("jasypt");
strongEncryptor.setAlgorithm("PBEWITHMD5ANDDES");
HibernatePBEEncryptorRegistry registry = HibernatePBEEncryptorRegistry.getInstance();
registry.registerPBEStringEncryptor("strongHibernateStringEncryptor", strongEncryptor);
Configuration configuration = new Configuration();
configuration.configure("hibernate.cfg.xml");
configuration.setProperty("hibernate.connection.password", strongEncryptor.decrypt(configuration.getProperty("hibernate.connection.password")));
ServiceRegistryBuilder serviceRegistryBuilder = new ServiceRegistryBuilder().applySettings(configuration.getProperties());
sessionFactory = configuration.buildSessionFactory(serviceRegistryBuilder.buildServiceRegistry());
Related videos on Youtube
nachokk
Contact : [email protected] Queries i did in stackexchange for fun. You vs other in answers Your answers in POPULAR QUESTIONS Your answers in NOTABLE QUESTIONS Your answers in FAMOUS QUESTIONS
Updated on August 15, 2022Comments
-
nachokk about 1 year
I'm having trouble encrypting the database password in
hibernate.cfg.xml
This is my property file.
<!-- Database connection settings --> <property name="connection.driver_class">com.microsoft.sqlserver.jdbc.SQLServerDriver</property> <property name="connection.url">jdbc:sqlserver://localhost:1433;databaseName=TEST;</property> <property name="connection.username">sa</property> <!-- Encryption --> <property name="connection.password">ENC(vMO/j5jfpaU2cUhPVoOk5Q==)</property> <property name="connection.provider_class">org.jasypt.hibernate4.connectionprovider.EncryptedPasswordDriverManagerConnectionProvider</property> <property name="connection.encryptor_registered_name">hibernateEncryptor</property>
Then in the
HiberanteUtil.java
I have this// Builds session factory. private static SessionFactory configureSessionFactory() throws HibernateException { Configuration configuration = new Configuration().configure(); StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor(); encryptor.setPassword("pass"); HibernatePBEEncryptorRegistry registry = HibernatePBEEncryptorRegistry.getInstance(); registry.registerPBEStringEncryptor("hibernateEncryptor", encryptor); ServiceRegistry serviceRegistry = new ServiceRegistryBuilder() .applySettings(configuration.getProperties()).buildServiceRegistry(); return configuration.buildSessionFactory(serviceRegistry); }
I've created the encrypted password with
encrypt.bat
.Then the error i have is
com.microsoft.sqlserver.jdbc.SQLServerException: Login failed for user 'sa'. ClientConnectionId:8033573f-5f52-4fe9-a728-fbe4f57d89c4
If I remove this part
StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor(); encryptor.setPassword("someKey"); HibernatePBEEncryptorRegistry registry = HibernatePBEEncryptorRegistry.getInstance(); registry.registerPBEStringEncryptor( "hibernateEncryptor", encryptor);
I have the same error, so I think it doesn't register but I have no idea how to do it.
This is how i encrypt
UPDATE
The only thing i can made to get it work is something like this, but is not the way i think.
StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor(); encryptor.setPassword("somePass"); encryptor.setAlgorithm("PBEWITHMD5ANDDES"); String pass=encryptor.decrypt("HhpmA/XmJoLro8TYYu4YyA=="); HibernatePBEEncryptorRegistry registry = HibernatePBEEncryptorRegistry.getInstance(); registry.registerPBEStringEncryptor( "hibernateEncryptor", encryptor); Configuration configuration = new Configuration().configure() .setProperty("hibernate.connection.encryptor_registered_name","hibernateEncryptor") .setProperty("hibernate.connection.password",pass);
So i think the problem is with the
"hibernateEncryptor"
, i think i need to register<typedef name="encryptedString" class="org.jasypt.hibernate4.type.EncryptedStringType"> <param name="encryptorRegisteredName">hibernateEncryptor</param> <typedef>
But when i put it in
hibernate.cfg.xml
says invalid mapping, so i add it to a class with annotation but nothing happen cause i think this is read after database connection that is what i want to encrypt. :(@TypeDef(name="encryptedString",typeClass=org.jasypt.hibernate4.type.EncryptedStringType.class, parameters= {@Parameter(name="encryptorRegisteredName",value="hibernateEncryptor")})
-
nachokk about 10 years+1 Actually, is similar what im doing but you take approach of getting via xml the property so you can change without rebuilding..
HibernatePBEEncryptor
is not necessary if you do in that way.