DB credentials can be CLI options + log warning: insecure v_0
authorFrantišek Kučera <franta-hg@frantovo.cz>
Wed, 01 Jan 2014 02:56:08 +0100
branchv_0
changeset 108d06d90b28217
parent 107 8189a4a28cd8
child 109 aef98fd7c7c9
DB credentials can be CLI options + log warning: insecure
java/sql-dk/src/info/globalcode/sql/dk/DatabaseConnection.java
java/sql-dk/src/info/globalcode/sql/dk/configuration/Properties.java
     1.1 --- a/java/sql-dk/src/info/globalcode/sql/dk/DatabaseConnection.java	Wed Jan 01 02:44:29 2014 +0100
     1.2 +++ b/java/sql-dk/src/info/globalcode/sql/dk/DatabaseConnection.java	Wed Jan 01 02:56:08 2014 +0100
     1.3 @@ -39,6 +39,8 @@
     1.4  public class DatabaseConnection implements AutoCloseable {
     1.5  
     1.6  	private static final Logger log = Logger.getLogger(DatabaseConnection.class.getName());
     1.7 +	private static final String JDBC_PROPERTY_USER = "user";
     1.8 +	public static final String JDBC_PROPERTY_PASSWORD = "password";
     1.9  	private DatabaseDefinition databaseDefinition;
    1.10  	private Connection connection;
    1.11  	private Properties properties;
    1.12 @@ -47,9 +49,13 @@
    1.13  		this.databaseDefinition = databaseDefinition;
    1.14  		this.properties = properties;
    1.15  
    1.16 +		if (properties.hasProperty(JDBC_PROPERTY_PASSWORD)) {
    1.17 +			log.log(Level.WARNING, "Passing DB password as CLI parameter is insecure!");
    1.18 +		}
    1.19 +
    1.20  		Properties credentials = new Properties();
    1.21 -		credentials.add(new Property("user", databaseDefinition.getUserName()));
    1.22 -		credentials.add(new Property("password", databaseDefinition.getPassword()));
    1.23 +		credentials.add(new Property(JDBC_PROPERTY_USER, databaseDefinition.getUserName()));
    1.24 +		credentials.add(new Property(JDBC_PROPERTY_PASSWORD, databaseDefinition.getPassword()));
    1.25  		credentials.setDefaults(databaseDefinition.getProperties());
    1.26  		properties.setDefaults(credentials);
    1.27  		java.util.Properties javaProperties = properties.getJavaProperties();
     2.1 --- a/java/sql-dk/src/info/globalcode/sql/dk/configuration/Properties.java	Wed Jan 01 02:44:29 2014 +0100
     2.2 +++ b/java/sql-dk/src/info/globalcode/sql/dk/configuration/Properties.java	Wed Jan 01 02:56:08 2014 +0100
     2.3 @@ -82,6 +82,10 @@
     2.4  		return p == null ? defaultValue : Integer.valueOf(p.getValue());
     2.5  	}
     2.6  
     2.7 +	public boolean hasProperty(String name) {
     2.8 +		return findByName(this, name) != null;
     2.9 +	}
    2.10 +
    2.11  	@Override
    2.12  	public Properties clone() {
    2.13  		Properties clone = new Properties(size());