Can the database password be encrypted in database-conf.xml? #64

Closed
tggagne opened this issue Apr 15, 2015 · 9 comments

tggagne commented Apr 15, 2015

I want to push my database-conf.xml file to a git repository, but am uncomfortable doing so with my password in the clear.

I haven't read in the documentation that DB passwords can be encrypted like the SFDC passwords can.

Does anyone know?

tggagne commented Apr 15, 2015

Apparently, the same "encrypt" command used for obscuring passwords in config.properties works for database-conf.xml, too.

@tggagne tggagne closed this as completed Apr 15, 2015

tggagne commented Apr 15, 2015

I should re-open this. The encrypted password seems to work for postgres, but does not work for SqlServer. I have yet to try it with Oracle. I begin to wonder if the fact it worked with Postgres was an accident or some other environmental issue.

@tggagne tggagne reopened this Apr 15, 2015

diracz commented Apr 15, 2015

I think what you might look into: http://stackoverflow.com/questions/12834604/using-encrypted-password-for-the-datasource-used-in-spring-applicationcontext-xm

DatabaseReader/Writer uses org.apache.commons.dbcp.BasicDataSource, which you can override to have getPassword/setPassword decrypt/encrypt password.

Hope that helps.

tggagne commented Apr 16, 2015

I think it does...

So, if I created a subclass of org.apache.commons.dbcp.BasicDataSource I would have to specify its name in the database-conf.xml's bean for my DB connection?

If the subclass was named ObscuredPasswordDataSource the bean would look like..

<bean id="mypostgres" class="org.apache.commons.dbcp.ObscuredPasswordDataSource" .. >
    ...
    <property name="password" value="some encrypted value" />
</bean>

tggagne commented Apr 16, 2015

Not being a Maven expert... how can I rebuild dataloader from the command line and skip the step where it tries to "install" it on my mac?

tggagne commented Apr 16, 2015

diracz, I followed the advice from that stackoverflow link and created a new class, DataSource, that does the simple base64 decoding of the password.

While this obscures the password it doesn't obscure as well as dataloader's encryption/decryption of the sfdc.password.

I would prefer to use that approach, but hacking the Config class doesn't quite seem the right approach.

Do you know how I might get some help or clues if there's a better way to use Config's encryption?

The code has been committed to my repository here.

tggagne@e0562ab

tggagne commented Apr 16, 2015

I hacked in the UncryptUtil stuff, so the password may be decrypted. To be /totally/ compatible with Config's use of encryption, it needs to use the keyfile -- which it doesn't yet.

As it is, a password encrypted with "encrypt -e password" should be used. And the bean's classname should be "com.salesforce.dataloader.dao.database.DataSource".

It could use some improved exception handling, but I'm a little out of my element inside Java.

The latest commit is below. I don't know if it's a pull request. I have a few people I need to share the jar with--because none of us wants to push a configuration file to git with our passwords in the clear.

tggagne@b9e82f6

tggagne commented Apr 17, 2015

Is there a way to reference the ProcessRunner instance from other classes?

The ProcessRunner has the current config, which means it has already processed the key file and has an initialized EncryptionUtil instance (config.encrypter).

Rather than initializing my own inside DataSource without the benefit of the keyfile, it would be valuable to just use the already-initialized one.

tggagne commented Apr 19, 2015

For our next trick, we should get the keyfile working. Until then, let's call this closed.
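
The subclassing approach suggested in this thread, combined with the keyfile goal from the last comment, as an added example that is not code from the thread or from dataloader: a BasicDataSource subclass whose setPassword decrypts an AES-GCM value with a key read from a file kept outside the repository. The class name, the DB_KEYFILE environment variable and the value format are assumptions, and it uses standard javax.crypto (Java 8+) rather than dataloader's own EncryptionUtil.

```java
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.dbcp.BasicDataSource;

// Hypothetical class. The bean's "password" holds base64(nonce || AES-GCM ciphertext+tag).
public class EncryptedPasswordDataSource extends BasicDataSource {
    // Assumption: DB_KEYFILE names a raw 16- or 32-byte AES key file kept outside the git tree.
    private static final String KEYFILE_ENV = "DB_KEYFILE";
    private static final int NONCE_LEN = 12, TAG_BITS = 128;
    @Override
    public void setPassword(String encrypted) {
        super.setPassword(crypt(Cipher.DECRYPT_MODE, encrypted));
    }
    // Run once from an interactive terminal to produce the value for database-conf.xml.
    public static void main(String[] args) {
        char[] pw = System.console().readPassword("DB password: ");
        System.out.println(crypt(Cipher.ENCRYPT_MODE, new String(pw)));
    }

    static String crypt(int mode, String text) {
        String keyFile = System.getenv(KEYFILE_ENV);
        if (keyFile == null) throw new IllegalStateException(KEYFILE_ENV + " is not set");
        try {
            SecretKeySpec key = new SecretKeySpec(Files.readAllBytes(Paths.get(keyFile)), "AES");
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            if (mode == Cipher.ENCRYPT_MODE) {
                byte[] nonce = new byte[NONCE_LEN];
                new SecureRandom().nextBytes(nonce); // fresh nonce for every encryption
                c.init(mode, key, new GCMParameterSpec(TAG_BITS, nonce));
                byte[] ct = c.doFinal(text.getBytes(StandardCharsets.UTF_8));
                byte[] blob = ByteBuffer.allocate(NONCE_LEN + ct.length).put(nonce).put(ct).array();
                return Base64.getEncoder().encodeToString(blob);
            }
            byte[] blob = Base64.getDecoder().decode(text);
            c.init(mode, key, new GCMParameterSpec(TAG_BITS, blob, 0, NONCE_LEN));
            return new String(c.doFinal(blob, NONCE_LEN, blob.length - NONCE_LEN), StandardCharsets.UTF_8);
        } catch (IOException | GeneralSecurityException | IllegalArgumentException e) {
            // Fail closed (bad key, tampered or malformed value) without echoing the value.
            throw new IllegalStateException("cannot process database password", e);
        }
    }
}
```

Unlike base64 alone, a value committed to git this way is only recoverable with the key file, so the key file's location and permissions become the thing to protect.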
