tcdng / jacklyn-app

Jacklyn Starter Application
https://www.tcdng.com
Apache License 2.0

Database Configuration password hashing using unify.xml #3

Open sylvanusi opened 5 years ago

sylvanusi commented 5 years ago

Hello Lateef,

Kindly guide on how to configure a hashed Database password on the unify.xml configuration file.

Regards

lateefojulari commented 5 years ago

Hi, You can configure a hidden password, for your datasource configuration, by referencing an implementation of the com.tcdng.unify.core.security.Authentication component interface which allows fully or partially hidden credentials. The framework provides the SimpleAuthentication component, working in conjunction with a configurable TwoWayStringCryptograph, that allows the datasource password to be provided as a hashed string. An example is shown in the configuration snippet below.

<component name="database-passwordauth"
    class="com.tcdng.unify.core.security.SimpleAuthentication">
    <properties>
        <property name="username" value="demo" />
        <property name="password" value="+3Bg+sAcqYnj1QbMN9I+Qw==" />
    </properties>
</component>
<component name="application-datasource"
    class="com.tcdng.unify.core.database.sql.SqlDataSourceImpl">
    <properties>
        <property name="driver" value="org.hsqldb.jdbcDriver" />
        <property name="connectionUrl" value="jdbc:hsqldb:hsql://localhost/<DATABASE>" />
        <property name="appSchema" value="<SCHEMA>" />
        <property name="passwordAuthentication" value="database-passwordauth" />
        <property name="dialect" value="hsqldb-dialect" />
    </properties>
</component>

The datasource property, passwordAuthentication, references the authentication component named "database-passwordauth".

You can always provide an alternative implementation of an Authentication component or reconfigure the SimpleAuthentication component to use a different implementation of the TwoWayStringCryptograph.

A quick reference document that includes steps on how to configure a unify container instance via the configuration file (unify.xml) is scheduled for release late March 2019.

Regards, Lateef

sylvanusi commented 5 years ago

Hi Lateef,

Thanks for the guide. How do I generate the hashed password? Is there a password hashing utility? And if there is, how do I run this utility to generate the hashed password?

Best Regards,

lateefojulari commented 5 years ago

Hi, There's no utility application for hashing your password. Due to the sensitive nature, you are expected to implement that mechanism in your utility application using the Unify framework core libraries by:

  1. Using a reconfigured instance of the default TwoWayStringCryptograph
  2. Using your own implementation of a TwoWayStringCryptograph

A simple example snippet:

// Look up the configured cryptograph component by name, then encrypt the plaintext password.
TwoWayStringCryptograph cryptograph =
    (TwoWayStringCryptograph) getComponent("twoway-stringcryptograph");
String encryptedPassword = cryptograph.encrypt("<Your Password>");

Implementing a general utility would be an enhancement. Based on consultations it may be considered as part of a future release of the core framework.

Regards, Lateef
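
For the second option in the reply above (your own two-way cryptograph), an added sketch that is not code from this thread or from the Unify framework: a stand-alone Java tool that turns a datasource password into a reversible, authenticated Base64 string. The class name, the CONFIG_KEY environment variable and the salt are assumptions, and its output is not compatible with the framework's default cryptograph.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical stand-in, NOT the framework's TwoWayStringCryptograph implementation.
public class ConfigPasswordTool {
    private static final int IV_LEN = 12, TAG_BITS = 128;
    private final SecretKeySpec key;

    ConfigPasswordTool(char[] secret, byte[] salt) throws Exception {
        // Derive a 256-bit AES key from the operator-supplied secret.
        PBEKeySpec spec = new PBEKeySpec(secret, salt, 210_000, 256);
        byte[] raw = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        key = new SecretKeySpec(raw, "AES");
    }

    String encrypt(String plain) throws Exception {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv); // fresh nonce for every encrypted value
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
        byte[] out = ByteBuffer.allocate(iv.length + ct.length).put(iv).put(ct).array();
        return Base64.getEncoder().encodeToString(out); // stored form: nonce || ciphertext+tag
    }

    String decrypt(String encoded) throws Exception {
        byte[] in = Base64.getDecoder().decode(encoded);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, in, 0, IV_LEN));
        // Throws AEADBadTagException if the value was altered or the key is wrong.
        return new String(c.doFinal(in, IV_LEN, in.length - IV_LEN), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        String secret = System.getenv("CONFIG_KEY"); // assumed variable name
        if (secret == null || System.console() == null) throw new IllegalStateException("set CONFIG_KEY and run in a terminal");
        byte[] salt = "unify-datasource".getBytes(StandardCharsets.UTF_8); // constructed; fixed so the key can be re-derived at startup
        ConfigPasswordTool tool = new ConfigPasswordTool(secret.toCharArray(), salt);
        String pw = new String(System.console().readPassword("Datasource password: "));
        String value = tool.encrypt(pw);
        if (!tool.decrypt(value).equals(pw)) throw new IllegalStateException("round trip failed");
        System.out.println(value); // value for the password property
    }
}
```

The password is read from the console rather than a command-line argument so it does not land in shell history or the process list; the key secret has to be available to the application at startup and kept out of the configuration file that holds the encrypted value.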