Menu
Download Free Trial

Want to pass encrypted passwords in flexmonster.config

In flexmonster.config file we pass the user name and password as below.
CONNECTION_STRING=Jdbc=jdbc:mysql://localhost:3306/foodmart?user=flexmonster&password=password;JdbcDrivers=com.mysql.jdbc.Driver;
 
I want to pass encrypted password in CONNECTION_STRING for security purposes, instead of direct username and password.
How can i achieve the above.
 

3 answers

Public
Iryna Kulchytska Flexmonster May 4, 2017

Dear Shanti,
 
Thank you for writing to our support forum.
Your colleague Manish Kumar was asking this question previously: How to configure encrypt password for data speed accelerator.
In addition to the answer in the above thread, I would like to note that you can add to the CONNECTION_STRING any info you need if your database is able to handle this info. As far as we know, most databases do not support encrypted username and password in their connection strings. Thus, this is not the question of the accelerator, but the question of the database.
 
Kind regards,
Iryna

Public
shanti swarup May 5, 2017

Hi Iryna,
Thanks for the valuable info.
I was wondering if the below workaround would work out and request you to suggest on the below

  1. Since the connection string of flexmonster.config file is read in readConfig() method of com.flexmonster.proxy.FlexmonsterProxy class in flexmonster-proxy-mondrian.jar
    So in any case we have the permission to customise the source code, we can pass the AES encrypted connectionstring in flexmonster.config file and decrypt it in readConfig() method with a certain predefined key and then set the connection string.
Public
Tanya Gryshko Flexmonster May 8, 2017

Hello Shanti,
Thank you for the reply. The workaround proposed can work out if you are ready to compile your own version of the accelerator. In this case you will need to add flexmonster-proxy-mondrian.jar , override readConfig() method in the com.flexmonster.proxy.FlexmonsterProxyImpl class and compile the custom version. Please let us know if this option is suitable for you. readConfig() method is currently private yet we can make it protected in the next version. Thus the method will be available for overriding.
Regards,
Tanya

Please login or Register to Submit Answer