Announcement Announcement Module
Collapse
No announcement yet.
Have been searching Google for 5 hours, but cannot find any article mentioning this. Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Have been searching Google for 5 hours, but cannot find any article mentioning this.

    I've just used JDBC connection for Hibernate with trivial way like below:

    file: jdbc.properties

    Code:
    jdbc.driverClassName=com.mysql.jdbc.Driver
    jdbc.url=jdbc:mysql://localhost:3306/DeliveryOnDemandSystem
    jdbc.username=*****
    jdbc.password=*****

    file: servlet-context.xml

    Code:
    <!--Data source has the database information -->
    	<beans:bean id="dataSource"
    		class="org.springframework.jdbc.datasource.DriverManagerDataSource">
    		<beans:property name="driverClassName" value="${jdbc.driverClassName}" />
    		<beans:property name="url" value="${jdbc.url}" />
    		<beans:property name="username" value="${jdbc.username}" />
    		<beans:property name="password" value="${jdbc.password}" />
    	</beans:bean>
    
    	<!-- SessonFactory for Hibernate -->
    	<beans:bean id="sessionFactory"
    		class="org.springframework.orm.hibernate4.LocalSessionFactoryBean">
    		<beans:property name="dataSource" ref="dataSource" />
    		<beans:property name="packagesToScan" value="edu.uwt.dod.domain" />
    		<beans:property name="hibernateProperties">
    			<beans:props>
    				<beans:prop key="hibernate.dialect">org.hibernate.dialect.MySQLDialect
    				</beans:prop>
    				<beans:prop key="hibernate.max_fetch_depth">3</beans:prop>
    				<beans:prop key="hibernate.jdbc.fetch_size">50</beans:prop>
    				<beans:prop key="hibernate.jdbc.batch_size">10</beans:prop>
    				<beans:prop key="hibernate.show_sql">true</beans:prop>
    			</beans:props>
    		</beans:property>
    	</beans:bean>
    The connection perfectly worked, and it is 'okay' if we just want to test database connection, or implement non-serious web application in perspective of security. However, nobody in industry wants to connect the database without ssh tunnel because of the security reason.
    I know that PHP provide some easy way to make the database connection using ssh key.

    I tried to find the way to connect database using ssh key in spring way(configuring beans in xml file), not hard coding, but I cannot find any article or document mentioning about that.

    The only reference or document mentioning about ssh or sftp in Spring was SFTP Adapters(http://static.springsource.org/sprin...html/sftp.html), but I think it does not give me a clue to implement database connection with ssh key.

    Do you guys know the solution about this?

    If you have any solution, or knowledge about how to make the connection between the application and remote database secure other than ssh tunnel using Spring, please let me know.


    I know that Spring has a pretty good approach about security, so I'm surprised at that I cannot find any document or article about database connection using ssh key in Spring way (I mean, using bean configuration).

    Help me please.

    Thanks.

  • #2
    The connection perfectly worked, and it is 'okay' if we just want to test database connection, or implement non-serious web application in perspective of security. However, nobody in industry wants to connect the database without ssh tunnel because of the security reason.
    Hmm then I guess 99% of all software development is flawed and I must have been doing it wrong for the last 15 years... Never used a SSH tunnel to simply connect to a database, and it is used by many users for serious applications (Banks, Governments etc.) ...

    Using an SSH tunnel to connect to your database isn't the responsibility of Spring it is part of your datasource and as such you will find no Spring support for that, you need to figure out a datasource which supports it.

    Comment


    • #3
      Umm, I'm sorry for generalizing the situation with a snap judgement. However, I heard that setting up ssh tunnel with ssh key is better than hard code password set up in terms of security. I could be wrong. I just wanted to check that there is any standard way to code that part provided by Spring before I implement by myself.

      Comment

      Working...
      X