Open sylvanusi opened 5 years ago
Hi, You can configure a hidden password, for your datasource configuration, by referencing an implementation of the com.tcdng.unify.core.security.Authentication component interface which allows fully or partially hidden credentials. The framework provides the SimpleAuthentication component, working in conjunction with a configurable TwoWayStringCryptograph, that allows the datasource password to be provided as a hashed string. An example is shown in the configuration snippet below.
<component name="database-passwordauth"
class="com.tcdng.unify.core.security.SimpleAuthentication">
<properties>
<property name="username" value="demo" />
<property name="password" value="+3Bg+sAcqYnj1QbMN9I+Qw==" />
</properties>
</component>
<component name="application-datasource"
class="com.tcdng.unify.core.database.sql.SqlDataSourceImpl">
<properties>
<property name="driver" value="org.hsqldb.jdbcDriver" />
<property name="connectionUrl" value="jdbc:hsqldb:hsql://localhost/<DATABASE>" />
<property name="appSchema" value="<SCHEMA>" />
<property name="passwordAuthentication" value="database-passwordauth" />
<property name="dialect" value="hsqldb-dialect" />
</properties>
</component>
The datasource property, passwordAuthentication, references the authentication component named "database-passwordauth".
You can always provide an alternative implementation of an Authentication component or reconfigure the SimpleAuthenticatication component to use a different implementation of the TwoWayStringCryptograph.
A quick reference document that include steps on how to configure a unify container instance via the configuration file (unify.xml) is scheduled for release late March 2019.
Regards, Lateef
Hi Lateef,
Thanks for the guide. How do i generate the hashed password? is there a password hashing utility? and if there is, how do i run this utility to generate the hashed password.
Best Regards,
Hi, There's no utility application for hashing your password. Due to the sensitive nature, you are expected to implement that mechanism in your utility application using the Unify framework core libraries by:
A simple example snippet:
TwoWayStringCryptograph cryptograph =
(TwoWayStringCryptograph) getComponent("twoway-stringcryptograph");
String encryptedPassword = stringCryptographA.encrypt("<Your Password>");
Implementing a general utility would be an enhancement. Based on consultations it may be considered as part of a future release of the core framework.
Regards, Lateef
Hello Lateef,
Kindly guide on how to configure a hashed Database password on the unify.xml configuration file.
Regards