A disadvantage of this approach, though, is it puts the username/password on the command-line and/or the process list, plus potentially exposes it in command-line history, too.
mrg On Mon, Dec 18, 2017 at 11:49 AM, Andrus Adamchik <[email protected]> wrote: > Hi Mark, > > We've done quite a bit of work in Cayenne to avoid complex things like > PasswordEncoding or custom DataSourceFactories. If all that is needed is to > change / define login credentials, the simplest way is via properties [1]. > [2] shows an example with a single DataNode. If you have more than one, you > will need to add the project name and the DataNode name to the base > property name. E.g.: > > export MY_USER=user > export MY_PASSWORD=secret > > java -Dcayenne.jdbc.username.project.mynode=$MY_USER \ > -Dcayenne.jdbc.password.project.mynode=$MY_PASSWORD \ > -jar myapp.jar > > > Hope this helps, > Andrus > > [1] http://cayenne.apache.org/docs/4.0/cayenne-guide/ > configuration-properties.html > [2] https://stackoverflow.com/questions/45781378/best- > practice-to-manage-apache-cayenne-project-xml-file > > > > > On Dec 17, 2017, at 4:23 AM, Mark Hull <[email protected]> wrote: > > > > I apologize if this question has been asked and answered before but: > What is the best-practices solution to redact the database user name and > password from an XML file created and used by Cayenne Modeler? The > ServerRuntime build statement is simply: > > > > cayenneRuntime = ServerRuntime.builder() > > .addConfig("com/hulles/a1icia/cayenne/cayenne-a1icia.xml") > > .build(); > > > > It works just fine as long as the db user name and password are in the > XML file, but I don't believe in leaving clear-text artifacts like that > laying around in the code, so I want to add the user and password data at > runtime from a Java method (not from an external file or an 'executable', > whatever that means in the content of PasswordEncoding). Adding > .user("xyz") and .password("zyx") to the build statement don't work, > presumably because the DataNode is not the default and those statements > just set their respective fields for the default DataNode. > > > > If I have to, I can create either a Module to change those properties > somehow at runtime (though the documentation for doing so is, to be kind, > sparse), somehow implement the PasswordEncoding (even less documentation, > because I don't know where it's used), or just edit the XML at runtime > (horrible choice but looking like the best of a bad lot at this point). > > > > All this seems like a lot of effort when I imagine this need must crop > up fairly often among Cayenne users (it should, for security reasons IMO). > Is there a simple standard way to do what I want? Or at least a standard > way? I don't want to invent a new wheel here. I feel like I'm missing > something obvious that everyone else knows about and that I just missed. > Oh, by the way, whatever the solution is should still allow Cayenne Modeler > to function normally. > > > > I promise I searched for the answer everywhere I could think of. > StackOverflow had a couple answers that used deprecated methods and didn't > work when I tried them. > > > > Thanks in advance for any help. I hope there's a really simple answer so > I feel stupid but don't have to spend any more time on this than I have > already. :) > > > > - Mark Hull > > > > /People say nothing is impossible, but I do nothing every day. - A. A. > Milne/ > >
