US and Worldwide: +1 (866) 660-7555
Results 1 to 5 of 5

Thread: Encrypted JNDI Password

  1. #1
    Join Date
    Dec 2011
    Posts
    27

    Default Encrypted JNDI Password

    I am on Ubuntu 11.10. PDI version is 4.2.1. I am using a database repository.

    I have created a JNDI connection in /opt/pentaho/data-integration/simple-jndi/jdbc.properties to a mysql database. The password is unencrypted this time (NOT encrypted). Then went into Tools > Repository > Explore - Click on Connections tab, and created a new connection using JNDI. Clicked on Test Connection, and it works fine.

    Next, created an Obfuscated password as follows:
    /opt/pentaho/data-integration/encr.sh -kettle gigagroup
    Output is,
    Encrypted 2be98afc86aa7f283a21eaf77cc9dbaca

    Edited the jdbc.properties as follows:
    ggjndi/password=Encrypted 2be98afc86aa7f283a21eaf77cc9dbaca

    Restarted Spoon.
    Test Connection does not work.

    Restored the unencrypted password back in the file, restarted Spoon, and it works fine again. Did this several time to check if I was doing any simple mistake, but it consistently does not work with encrypted password.

    Is this a bug? Am I doing something wrong? Anyone tried it?
    Any help is greatly appreciated.

    - Nili

  2. #2
    Join Date
    Dec 2011
    Posts
    27

    Default

    Anyone?
    Does anyone use JNDI? ( Or most of you use simple DB Connection )
    Does anyone encrypt the JNDI password at all?
    (there are lot of views on this issue, but no reply ... very curious now)

  3. #3

    Default

    I have the same problem
    BizCubed Pty Ltd
    Australian Pentaho Partner

  4. #4
    Join Date
    Sep 2009
    Posts
    809

    Default

    Hi everyone,

    I'm jumping in to explain the issue. From a JNDI user's perspective there's no way of getting at the configured password. Meaning that if (as a programmer) you're using JNDI, you get a datasource object that does not expose the credentials used to configure it. It's part of the idea of JNDI to not expose that information to the user of a connection. We're using the simple-jndi library in PDI, which simulates what an app server usually would do. Simple-Jndi also does not expose credential information to PDI neither, so we can't decrypt it before actually connecting.

    Please see: http://jira.pentaho.com/browse/PDI-2595

    If anybody extends simple-jndi http://code.google.com/p/osjava/ to sanely implement a reliable way to expose/change the password on the datasource before a connection is made, maybe we'd be able to get there.

    Best
    Slawo
    Do you want to know more? Check out Adventures with Open Source BI

  5. #5
    Join Date
    Dec 2011
    Posts
    27

    Default

    Thanks Slawo for the Jira link.
    It only makes sense to use JNDI if you deploy the code to an App Server (weblogic/websphere/etc.). The advantages include caching, pooling, security, etc. etc. In that case, if the password is not encrypted in the developers environment it may not be a big deal, as long as the production environment is secured. However, I do not know how to run PDI within an App Server. If it cannot be done, then I would advise to not bother with JNDI at all. Is there a way to run PDI within an App Server? Appreciate your help.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •