Fórum

  1. Início
  2. Development
  3. To encrypt the DB password in portal-ext properties file of the server

To encrypt the DB password in portal-ext properties file of the server

thumbnail
vikash kumar chaurasia, modificado 14 Anos atrás.

To encrypt the DB password in portal-ext properties file of the server

Junior Member Postagens: 97 Data de Entrada: 08/01/10 Postagens Recentes
Hi,

I am using JBOSS-Tomcat Application Server bundle of Liferay 5.2.3. I have currently configured this Liferay Jboss-Tomcat bundle to work with MySQL. Now, since the MySQL connection information (e.g. DB URL, Username, Password) are stored in the portal-ext.properties file in Liferay, I want the password to be in the encrypted form, so that it is not readable. Is it possibble? How can I do this?

Anybody is having any idea?

Thanks in advance.
thumbnail
Sandeep Nair, modificado 14 Anos atrás.

RE: To encrypt the DB password in portal-ext properties file of the server

Liferay Legend Postagens: 1744 Data de Entrada: 06/11/08 Postagens Recentes
Hi,

Check portal.properties

By default the encryption used for passord is SHA

##
## Passwords
##

    #
    # Set the following encryption algorithm to encrypt passwords. The default
    # algorithm is SHA (SHA-1). If set to NONE, passwords are stored in the
    # database as plain text. The SHA-512 algorithm is currently unsupported.
    #
    #passwords.encryption.algorithm=CRYPT
    #passwords.encryption.algorithm=MD2
    #passwords.encryption.algorithm=MD5
    #passwords.encryption.algorithm=NONE
    passwords.encryption.algorithm=SHA
    #passwords.encryption.algorithm=SHA-256
    #passwords.encryption.algorithm=SHA-384
    #passwords.encryption.algorithm=SSHA


You can override it by specifying it in portal-ext.properties

Regards,
Sandeep
thumbnail
Derek Nerenberg, modificado 14 Anos atrás.

RE: To encrypt the DB password in portal-ext properties file of the server

Junior Member Postagens: 41 Data de Entrada: 09/05/06 Postagens Recentes
What about the passwords for the database that are stored directly in the portal-ext.properties file?
thumbnail
vikash kumar chaurasia, modificado 14 Anos atrás.

RE: To encrypt the DB password in portal-ext properties file of the server

Junior Member Postagens: 97 Data de Entrada: 08/01/10 Postagens Recentes
Anybody having any idea for this question.

My question is: If we have specified URL, UserName and Password for the MySql DB for Liferay in the portal-ext.properties file, how can we put the password in encrypted form, so that server can read that password and correspondingly load the Liferay DB.

Basically, putting the password in plain text in the portal-ext.properties file is not a good idea due to the security reasons.

Thanks.
thumbnail
Sandeep Nair, modificado 14 Anos atrás.

RE: To encrypt the DB password in portal-ext properties file of the server

Liferay Legend Postagens: 1744 Data de Entrada: 06/11/08 Postagens Recentes
Hi,

So you mean database password. Well there is no way to do that i think. As far as security is considered portal-ext.properties is placed under WEB-INF/classes folder. Files under the WEB-INF directory cannot be directly accessed.

Regards,
Sandeep
thumbnail
vikash kumar chaurasia, modificado 14 Anos atrás.

RE: To encrypt the DB password in portal-ext properties file of the server

Junior Member Postagens: 97 Data de Entrada: 08/01/10 Postagens Recentes
Hi Sandeep,

Thanks for reply.

However, you are fully right that the file once placed in WEB-INF/classes will not be directly accessed, however anybody can browse the folders in the Liferay bundle and go to the WEB-INF/classes and see the password and can in turn access the DB with that password.

Can we avoid such circumstances?
thumbnail
Pravin Pawar, modificado 14 Anos atrás.

RE: To encrypt the DB password in portal-ext properties file of the server

Junior Member Postagens: 62 Data de Entrada: 17/11/09 Postagens Recentes
Hi,

You can use Jasypt (Java Simplified Encryption). Jasypt is a java library which allows the developer to add basic encryption capabilities to his/her projects with minimum effort, and without the need of having deep knowledge on how cryptography works.

Refer Encrypting application configuration files

But for this you have to understand the Liferay core code. The code related to getting the jdbc connection using the jdbc.default.username and jdbc.default.password properties.
thumbnail
vikash kumar chaurasia, modificado 14 Anos atrás.

RE: To encrypt the DB password in portal-ext properties file of the server

Junior Member Postagens: 97 Data de Entrada: 08/01/10 Postagens Recentes
Hi Pravin,

Thanks for reply.

But, I think it is cumbersome to dig the liferay code to simulate the Password encryption/decryption in portal-ext.properties. Do you have any idea, If we set password in encrypted form in portal-ext.properties file, how the Liferay will decrypt the password and load the DB.

Thanks again.
thumbnail
Pravin Pawar, modificado 14 Anos atrás.

RE: To encrypt the DB password in portal-ext properties file of the server

Junior Member Postagens: 62 Data de Entrada: 17/11/09 Postagens Recentes
Yes I have implemented this some time before with Liferay CE 5.2.1 release. Right now I don't have that code with me. I have modify the code related to DataSource and build portal-impl related part only. For deployment we just replace the portal-impl.jar from tomcat bundle & it's working fine.
thumbnail
Manish Kumar Gupta, modificado 14 Anos atrás.

RE: To encrypt the DB password in portal-ext properties file of the server

Liferay Master Postagens: 535 Data de Entrada: 16/05/08 Postagens Recentes
If security is your concern, you can use JBoss to create JNDI datasource for you databse connection and specify that JNDI name in ext-properties.

If you are using unix OS, you can give read only permission on portal-ext to app-server-user only.

Finally, if you are not really happy with above 2 approach, See http://issues.liferay.com/browse/LPS-4336 for encoding the password.
MICHAIL MOUDATSOS, modificado 12 Anos atrás.

RE: To encrypt the DB password in portal-ext properties file of the server

Regular Member Postagens: 110 Data de Entrada: 04/10/11 Postagens Recentes
Manish Kumar Gupta:
See http://issues.liferay.com/browse/LPS-4336 for encoding the password.


Is it possible to implement the solution provided there (provided code solution) using an ext plugin, rather than modifying Liferay source code and rebuilding the distribution portal-impl.jar, which is the documented approach (if I understood correctly, that is)

(Or is there some problem concerning when plugins are loaded and executed with respect to the execution time of the provided code?)

Thank you in advance!
MICHAIL MOUDATSOS, modificado 12 Anos atrás.

RE: To encrypt the DB password in portal-ext properties file of the server

Regular Member Postagens: 110 Data de Entrada: 04/10/11 Postagens Recentes
OK, after some trial and error my first impression that an ext plugin would not work because it woud be run later than the time needed, was correct, so I had to change the source code and rebuild using provided ant scripts (thankfully!). Since the http://issues.liferay.com/browse/LPS-4336 link corresponds to an earlier version of Liferay I thought it would be usefull to present an approach. The modification concerns the file com.liferay.portal.dao.jdbc.util.DataSourceFactoryBean of the porta-impl.jar:


	[url=http://issues.liferay.com/browse/LPS-4336][/url]
public DataSource createInstance() throws Exception {
		Properties properties = _properties;

		if (properties == null) {
			properties = PropsUtil.getProperties(_propertyPrefix, true);
		}
		else {
			properties = PropertiesUtil.getProperties(
				properties, _propertyPrefix, true);
		}

		Properties defaultProperties = PropsUtil.getProperties(
			"jdbc.default.", true);

		/**
		 * Overriding code: begin
		 */

		Enumeration<string> propEnum = (Enumeration<string>)defaultProperties.propertyNames();

		while(propEnum.hasMoreElements())
		{
			String key = propEnum.nextElement();

			if(key.equalsIgnoreCase("password"))
			{
				/*Property jdbc.default.encrypted.password enables one to define whether the provided password is encrypted or not*/
				boolean isEncrypted = GetterUtil.getBoolean(defaultProperties.getProperty("encrypted.password"));

				if(isEncrypted)
				{
					String value = defaultProperties.getProperty(key);
					Base64 base64 = new Base64();
					byte[] bytesArray = base64.decode(value.getBytes());
					value = new String(bytesArray);
					/*Set the password property in the property member field since it is the one to be taken into account*/
					properties.setProperty(key, value);
				}
			}
		}

		/**
		 * Overriding code: end
		 */

		PropertiesUtil.merge(defaultProperties, properties);

		properties = defaultProperties;
//...
//code continues...
</string></string>


The code part between the two "Overriding code" comments is actually an addition. Nothing was overwritten/removed. The encryption approach follows the one provided in the link of previous post. It is more like an encoding rather than a sophisticated encryption. One can replace with its own encryption choice.

I forgot to add that in this particular case the following fragment of code is sufficient to create an encoding of your db password:

		Base64 base64 = new Base64();
		byte[] bytesArray = null;
		String result = null;
		bytesArray = base64.encode(password.getBytes());
		result = new String(bytesArray);


result variable contains the encoded password. Print it and assign it to jdbc.default.password property in portal-ext.properties