Is there is any way to protect开发者_运维技巧 database password in -servlet.xml file using spring
<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName"><value>com.mysql.jdbc.Driver</value></property>
<property name="url"><value>jdbc:mysql:///BUSINESS</value></property>
<property name="username"><value>root</value></property>
<property name="password"><value>password</value></property>
</bean>
Built-in, no. But you can check this blogpost which shows how to extend the DataSource
to provide AES encryption of the passwords.
Another approach might be to extend PropertyPlaceholderConfigurer
and handle the AES (or RSA) encryption of the properties.
However, as noted in the comments of the linked blogpost, having the cipher key stored in the same file does not add significant security - it only adds obfuscation. So in both approaches above you have to obtain the AES/RSA key from another location, possibly accessible only for the user under which your application server is started (this has to do with OS security).
The approach often taken for this is to have the password stored in an external properties file on the production machine. Access to this file can then be restricted.
See here for how to configure the spring part of this:
property-placeholder location from another property
精彩评论