The geotools DataStoreFinder expects a Map of properties, including mainly the connectivity information, depending on the store.
For the PostGIS plugin this includes the dbtype (which must be "postgis") and the database host, port, schema, database, username and password.
http://docs.geotools.org/stable/userguide/library/jdbc/postgis.html
In my application, there are other tables which are being accessed using Spring Data (JPA Repositories / Hibernate and Hibernate Spatial).
Is there a way to make the PostGIS connection information to use the standard JEE DataSource that is injected by Spring? This way I won't have to duplicate the configuration to the same database and do custom property handling.
Related
I'm loading a lot of user profiles at once. I generate the SQL script for the mysql database using the password() function.
But this dosen't make it. The password generated is not the same one generated in spring boot application form.
This is for MySQL server 5.7.26 running on linux 4.15.0-54 and java 8
for example for the password string 'test0000', the spring security generated password is :
5f7433f76544679849ec917c3baa70e0852b3d025fb52ecb7839c6fe911f75c49b3b2315aa3589c
but with the password('test0000') function in mysql it gives :
*FED47FB319BAC61E726825628D8A5D22979E9F1C
So how to generate the springboot like password on mysql or in the commandline in linux?
MySQL's password() function uses SHA1(SHA1(password)) to calculate hash.
The Spring Security uses PasswordEncoder interface to encode and match and has different implementations available to handle BCrypt, MD5, SHA256, etc.
So, for the passwords to be compatible on both ends, you need to use the same algorithm.
Since the hashing algorithms are slow, it is not advised to use these in the SQL.
I have spring boot application using MySQL database. I am using hikari connection pool.
According to this official blog of Hikari https://github.com/brettwooldridge/HikariCP/wiki/MySQL-Configuration, I have to set some properties for performance improvement e.g.
dataSource.prepStmtCacheSize=250
dataSource.prepStmtCacheSqlLimit=2048
dataSource.useServerPrepStmts=true
dataSource.useLocalSessionState=true
But I am not sure how to set these properties without explicitly creating bean of HikariDataSource as mentioned in this link: https://github.com/brettwooldridge/HikariCP/issues/1200
I am aspiring to set these properties directly via spring configuration file (property file or YML file)
These parameters can be easily configured via a simple configuration.
Just append these property/properties in standard spring datasource -> url property
spring.datasource.url=jdbc:mysql://localhost:3306/databasename?rewriteBatchedStatements=true&useLocalSessionState=true&cachePrepStmts=true&prepStmtCacheSize=250&prepStmtCacheSqlLimit=2048
Similarly, other properties can be appended using & symbol.
I have configured User Defined datasource for MySQL database using below.
WebSphere 8.5
mysql-cluster-gpl-7.4.6
mysql-connector-java-5.1.9-bin.jar
Implementation Class in Provider :
com.mysql.jdbc.jdbc2.optional.MysqlXADataSource
However, I get below exception for JTA transaction spanning MySQL and Oracle datasource operation for MySQL datasource.
E WTRN0063E: An illegal attempt to commit a one phase capable
resource with existing two phase capable resources has occurred.
As per docs, MySQL supports XA-transaction, My driver is implementing XADatasource.
Can you confirm what is it that I am missing.
May be datasource configuration that it is not two phase capable transactional resources?
I have also used ENGINE=INNODB to create MySQL table.
It sounds like you need to configure your datasource to be XA capable on the WebSphere side. By default, WAS datasource will not implement javax.sql.XADataSource.
See this WAS 8.5 documentation link (section 8.e) to verify your config is using an XA datasource:
http://www-01.ibm.com/support/knowledgecenter/SSEQTP_8.5.5/com.ibm.websphere.base.doc/ae/tdat_ccrtpds.html?cp=SSEQTP_8.5.5%2F1-3-0-23-3-0-7-1
I am using quartz in a web application and using QuartzInitializerServlet.
Now to run it on multiple systems, I have added a database to make it run it in clustered mode. The dataSource properties are provided in quartz.properties file but this exposes the database credentials in cleartext.
Is there some way to use QuartzInitializerServlet but provide the dataSource credentials through code (where I can retrieve the credentials stored elsewhere) ?
Here is the documentation : http://www.quartz-scheduler.org/documentation/quartz-2.3.0/configuration/ConfigDataSources.html#configure-datasources
Use the jndiUrl property to specify the jndi name of your datasource:
org.quartz.dataSource.NAME.jndiURL = java:comp/env/jdbc/www_datasource
HIH
In the web-application I'm developing I currently use a naive solution when connecting to the database:
Connection c = DriverManager.getConnection("url", "username", "password");
This is pretty unsafe. If an attacker gains access to the sourcecode he also gains access to the database itself. How can my web-application connect to the database without storing the database-password in plaintext in the sourcecode?
You can store the connection string in Web.config or App.config file and encrypt the section that holds it. Here's a very good article I used in a previous project to encrypt the connection string:
http://www.ondotnet.com/pub/a/dotnet/2005/02/15/encryptingconnstring.html
In .NET, the convention is to store connectionstrings in a separate config file.
Thereon, the config file can be encrypted.
If you are using Microsoft SQL Server, this all becomes irrelevant if you use a domain account to run the application, which then uses a trusted connection to the database. The connectionstring will not contain any usernames and passwords in that case.
I can recommend these techniques for .NET programmers:
Encrypt password\connection string in config file
Setup trusted connection between client and server (i.e. use windows auth, etc)
Here is useful articles from CodeProject:
Encrypt and Decrypt of ConnectionString in app.config and/or web.config
Unless I am missing the point the connection should be managed by the server via a connection pool, therefore the connection credentials are held by the server and not by the app.
Taking this further I generally build to a convention where the frontend web application (in a DMZ) only talks to the DB via a web service (in domain), therefore providing complete separation and enhanced DB security.
Also, never give priviliges to the db account over or above what is essentially needed.
An alternative approach is to perform all operations via stored procedures, and grant the application user access only to these procs.
Assuming that you are using MS SQL, you can take advantage of windows authentication which requires no ussername/pass anywhere in source code. Otherwise I would have to agree with the other posters recommending app.config + encryption.
Create an O/S user
Put the password in an O/S environment variable for that user
Run the program as that user
Advantages:
Only root or that user can view that user's O/S environment variables
Survives reboot
You never accidentally check password in to source control
You don't need to worry about screwing up file permissions
You don't need to worry about where you store an encryption key
Works x-platform