在Liferay的context.xml中加密明文数据库密码 [英] Encrypting clear text database password in context.xml for Liferay

问题描述

如何加密我的context.xml文件中的明文密码？

How do I encrypt the clear text passwords in my context.xml file?

我已经尝试使用摘要，如下所述： https://serverfault.com/questions/295628/how-do-i-use-non-plaintext-passwords-for-tomcat-users 但我的portlet最终会出现一个BeanLocator为空的servlet上下文错误。

I've tried using digest as stated here: https://serverfault.com/questions/295628/how-do-i-use-non-plaintext-passwords-for-tomcat-users but my portlet will end up with a "BeanLocator is null for servlet context" error.

还尝试过这样做：
如何避免将密码存储在tomcat的server.xml清单中？DataSource的资源定义？但是无法加载我的类文件（NoClassDefFound异常）

Have also tried creating this: How to avoid storing passwords in the clear for tomcat's server.xml Resource definition of a DataSource? but it was unable to load my Class File (NoClassDefFound Exception)

或者上面的方法可以工作，我只是有一些问题实现它？

Or do the above methods work and I just have some issue implementing it?

推荐答案

您提供的第一个链接不适用于该问题，因为它对于tomcat认证的用户而不是数据源。 Liferay使用完全不同的方式来识别用户并正确填写密码。

The first link that you give does not apply to the problem, as its for users that tomcat authenticates - and not datasources. Liferay uses completely different ways to identify users and properly hashes passwords already.

第二个链接是您正在寻找的 - 为了使其工作，您将必须将您的datasourcefactory包装在一个jar文件中，并将其添加到tomcat的全局类路径，例如在 tomcat / lib 中，或者，对于标准的Liferay软件包， tomcat / lib / ext 。如果您将Web应用程序中的jar包装在整个服务器端，而不仅仅是在特定的Web应用程序中，那么它将不起作用。

The second link is what you're looking for - In order to make it work, you'll have to package your datasourcefactory in a jar file and add it to tomcat's global classpath, e.g. in tomcat/lib or, for a standard Liferay bundle, tomcat/lib/ext. It won't work if you have the jar packaged in a web application as it needs to be available on the overall server side, and not only within a particular web application.

请注意这个答案的意见：这是比加密相当的争议，因为任何攻击者都可以轻松地撤销相同的过程。是的，它会提高酒吧，但并不是真的增加了强大的安全性。迟早密码需要由服务器读取，除了在服务器启动时强制手动输入密码之外，几乎无法使此过程安全。自然而言，这也不是很受欢迎。

Note the comment on that answer: This is rather scrambling than encrypting, as the same process can easily be undone by any attacker. Yes, it will raise the bar, but it's not really adding strong security. As sooner or later the password will need to be readable by the server, there's almost no way to make this process secure, other than forcing a manual input of the password upon server start. Naturally that's not very popular either.

另一个选择是使用支持非明文保存密码的appserver开箱即用。相同的限制适用于此：只能加密这些密码，而不是以安全的方式加密。

And yet another option would be to use an appserver that supports non-plaintext saving of passwords out-of-the-box. Same restrictions apply here: It can only be scrambling those passwords, not encrypt in a safe manner.

这篇关于在Liferay的context.xml中加密明文数据库密码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！