Wildfly8.1 DB password hardcoded in standalone.xml - wildfly-8

The password of the DB user is hard coded in the standalone.xml of the WildFly8.1.The requirement is to read password from a binary file and using that password for login into DB .Hibernate is used for reading the information from DB.Can you please tell me what steps I should follow to fulfill this requirement.
Thanks in advance.
loki

In WildFly VaultTool is used for secured attributes (e.g. passwords) which can be later on used in configuration files in masked form
<security>
<user-name>user_name</user-name>
<password>${VAULT::ds_OraXADS::password::N2NhZDYzOTMtNWE0OS00ZGQ0LWE4MmEtMWNlMDMyNDdmNmI2TElORV9CUkVBS3ZhdWx0}</password>
</security>
JBoss AS7 Securing Passwords

Related

Encoding spring ldap server manager password

We just upgraded out app to spring 5. I'm using an ldap server and I wanted to know if I can encode the manager-password.
<ldap-server id="contextSource" url="ldap://n.n.n.n" manager-dn="myuser" manager-password="cleartextpassword"/>
The spring security encoding I've read is in regard to the authentication manager.. This would be more similar to encoding them in a properties file. I haven't found anything withing BCrypt that may do this for me..
My current option that I can think of would be to
1. Use bcrypt to encode the password and then extend the LdapSourceContext and decrypt it there.
2. add Jasypt to do the encryption/decryption
If there is anything in Spring 5 that I missed let me know.
I was just wondering if I had missed anything already in spring that may help.
I did end up using Jasypt. Everything I found with spring5 and Boot point to Jasypt.. It is simple to use..

Changing H2 database admin user & password within Grails

Working with Grails 2.3.3 I want to change the sa password for my H2 db or possibly replace sa with a different username with the same admin rights.
If I change the sa password in the dbconsole using the setpassword command and then update the password in the datasource.groovy file is that all I need to do? Or are there other configuration files in the Grails environment I need to update?
I tried to improve security by creating a new user with admin rights in the dbconsole. I then changed the username and password in the DataSource.groovy file. But the application failed to come up and I got an error 'Unable to create initial connections pool - wrong username or password' presumably the sa user is setup elsewhere in the environment. It would be useful to get know where all the db login values are defined?
DataSource.groovy is the only place that Grails looks for database connection info. A plugin or a custom DataSource/connection pool could be configured outside of there, but Grails itself only looks there.
Are you using a file-based H2 database, or starting it outside of Grails as a standalone server? In those cases it should be sufficient to make the change in the database and the corresponding changes in DataSource.groovy. If you're using the in-memory database, your user extra user will be lost when you restart the app.

Using the IBM SBT database credential store with Oauth2

Has anyone used the database credential store com.ibm.sbt.security.credential.store.DBCredentialStore to store tokens for an OAuth2 endpoint. I am running a simple app on WebSphere 7 with a db2 database for the token storage. I have the managed bean for the store correctly configured in managed-beans.xml
<managed-bean>
<managed-bean-name>CredStoreDB</managed-bean-name>
<managed-bean-class>com.ibm.sbt.security.credential.store.DBCredentialStore</managed-bean-class>
<managed-property>
<property-name>jndiName</property-name>
<value>jdbc/sbtk</value>
</managed-property>
<managed-property>
<property-name>tableName</property-name>
<value>SBTKREP</value>
</managed-property>
<managed-bean-scope>application</managed-bean-scope>
<!-- Fixed OAuth Application parameters -->
</managed-bean>
but the credentials never get stored to the database... no errors either. I can see in code that my endpoint is using the correct credentials store by doing...
pw.println("credential store is " + ((OAuth2Endpoint) ep).getCredentialStore());
What actually causes the credentials to be stored.. has anyone done this before? Any help appreciated. Thanks.
Make sure that the SBTKREP table exists in the database at jdbc/sbtk
If not, there are some scripts to run here:
https://github.com/OpenNTF/SocialSDK/tree/master/samples/dbscripts

connecting to a grails app database

I am a python developer by day, but I have some java experience as well (mostly with struts). At work I was handed a grails app to install, which was ok, but the owners of the app didn't supply any credentials, and the app loads to a login page.
I unpacked the war, but I think the DB config has been packaged into a jar somewhere, because I can't seem to find any connection URL. There's an h2 db file that's been created after I deployed the App, so I'm wondering:
how can I connect to the db like you normally would with SQLite or mysql client, browse tables, and create an admin user so I can login?
Go with decompilation. You need not only a user and password, but at least a database JDBC URL. That may include DBMS name, host, port, database name - depending on Java driver specifics. Then connect as you would normally in Python or whatever, or with DBVisualizer.
But if the database is in H2/hsql (URL is like jdbc:h2:mem:XXX), you've got a problem: it is a Java in-process DBMS. In order to gain external access to it, you'll need to change the decompiled code, compile and pack it back with some additions. Hope it's not your case.
Another way in hsql/H2 case is to find and decompile database bootstrap code - as it's an in-process DB, it should be filled at every application startup, so there should be a code creating that superuser.
In Grails, the DB configuration, including authentication settings, are declared in a file called Datasource.groovy which is then compiled into the WAR. You'll need the source code to find the username and password for the H2 DB.
I don't know if Python can connect to a java datasource but it may be a solution.
An other solution may be to provide some REST webservice from Grails side to make it possible for the python program to access the database. This is the way I prefer and I often choose.
By the way, you have the configuration of the databases used by Grails in the conf directory (grails-app/conf/DataSource.groovy) and you'll get the jdbc URL to the database which could be convert to a classical URL. For example : jdbc:mysql://localhost/my_app refers to the database my_app on localhost and default port for a mysql database.
Feel free to ask if you need more information.
Cheers

Storing db connection strings

Whats the preferred file (and why do you prefer it) to store database connection strings in an ASP.Net application, where security is the primary issue?
Thanks
The preferred way? Don't!
Used a trusted connection and Windows principal.
In connection string, either:
Trusted_Connection = Yes
or
Integrated Security = SSPI (or True)
You can store the connection strings in your <connectionStrings> section of web.config, and then encrypt that section by using aspnet_regiis (in your C:\Windows\Microsoft.NET\Framework\v2.0.50727 directory):
aspnet_regiis.exe -pef "connectionStrings" C:\yourproject\YourWebSite
aspnet_regiis has a multitude of config parameters - the -pef allows you to specify the physical path where your website project is (and find the web.config file in that path and encrypts the connectionStrings section inside it).
Or you could also possibly store things like server name (and database name, if that's configurable and could change) separately, in a config, and only build up your connection string at runtime in memory and never even store the whole connection string anywhere. But as soon as you have sensitive information like this, stored in a config file, you are well advised to encrypt it.
Marc

Resources