
Thread: Encrypted JNDI Password

  1. #1
    Join Date
    Dec 2011

    Encrypted JNDI Password

    I am on Ubuntu 11.10. PDI version is 4.2.1. I am using a database repository.

    I have created a JNDI connection in /opt/pentaho/data-integration/simple-jndi/ to a mysql database. The password is unencrypted this time (NOT encrypted). Then went into Tools > Repository > Explore - Click on Connections tab, and created a new connection using JNDI. Clicked on Test Connection, and it works fine.

    Next, created an Obfuscated password as follows:
    /opt/pentaho/data-integration/ -kettle gigagroup
    Output is,
    Encrypted 2be98afc86aa7f283a21eaf77cc9dbaca

    Edited the as follows:
    ggjndi/password=Encrypted 2be98afc86aa7f283a21eaf77cc9dbaca

    Restarted Spoon.
    Test Connection does not work.

    Restored the unencrypted password back in the file, restarted Spoon, and it works fine again. Did this several times to check if I was making any simple mistake, but it consistently does not work with the encrypted password.

    Is this a bug? Am I doing something wrong? Anyone tried it?
    Any help is greatly appreciated.

    - Nili

  2. #2
    Join Date
    Dec 2011


    Does anyone use JNDI? ( Or most of you use simple DB Connection )
    Does anyone encrypt the JNDI password at all?
    (there are a lot of views on this issue, but no reply ... very curious now)

  3. #3


    I have the same problem
    BizCubed Pty Ltd
    Australian Pentaho Partner

  4. #4
    Join Date
    Sep 2009


    Hi everyone,

    I'm jumping in to explain the issue. From a JNDI user's perspective there's no way of getting at the configured password. Meaning that if (as a programmer) you're using JNDI, you get a datasource object that does not expose the credentials used to configure it. It's part of the idea of JNDI to not expose that information to the user of a connection. We're using the simple-jndi library in PDI, which simulates what an app server usually would do. Simple-Jndi does not expose credential information to PDI either, so we can't decrypt it before actually connecting.

    Please see:

    If anybody extends simple-jndi to sanely implement a reliable way to expose/change the password on the datasource before a connection is made, maybe we'd be able to get there.

    Do you want to know more? Check out Adventures with Open Source BI
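
Added example, not part of any post in this thread and not Pentaho code: a small audit of a simple-jndi properties file that flags password entries carrying the `Encrypted ` prefix from post #1 (which, per post #4, PDI cannot decrypt before connecting) and cleartext passwords in a file readable by group or others. The sample file contents, the datasource name `reporting`, the finding labels and the file-mode check are assumptions made for illustration.

```python
import stat

KETTLE_PREFIX = "Encrypted "  # prefix of the obfuscated value shown in post #1

# Constructed sample: the password line is the one from post #1; the other
# keys and values are made up for illustration.
SAMPLE = """\
# simple-jndi datasource definitions (constructed sample)
ggjndi/url=jdbc:mysql://localhost:3306/exampledb
ggjndi/user=etl_user
ggjndi/password=Encrypted 2be98afc86aa7f283a21eaf77cc9dbaca
reporting/url=jdbc:mysql://localhost:3306/reports
reporting/user=report_user
reporting/password=example-cleartext
"""

def parse_passwords(text):
    """Return {datasource_name: password_value} from 'name/password=value' lines."""
    found = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue  # skip blanks, comments and lines without a key/value pair
        key, value = line.split("=", 1)
        name, _, attr = key.strip().rpartition("/")
        if name and attr == "password":
            found[name] = value.strip()
    return found

def audit(text, file_mode):
    """Return sorted (datasource, finding) pairs for the file's text and st_mode."""
    findings = []
    exposed = bool(file_mode & (stat.S_IRGRP | stat.S_IROTH))
    for name, value in parse_passwords(text).items():
        if value.startswith(KETTLE_PREFIX):
            # Per post #4, PDI cannot decrypt this value before connecting.
            findings.append((name, "obfuscated-value-used-verbatim"))
        elif value and exposed:
            findings.append((name, "cleartext-in-group-or-world-readable-file"))
    return sorted(findings)

if __name__ == "__main__":
    for name, finding in audit(SAMPLE, 0o100644):  # constructed mode: rw-r--r--
        print(f"{name}: {finding}")
```

On a real installation, pass the file's text and `os.stat(path).st_mode` to `audit`.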

  5. #5
    Join Date
    Dec 2011


    Thanks Slawo for the Jira link.
    It only makes sense to use JNDI if you deploy the code to an App Server (weblogic/websphere/etc.). The advantages include caching, pooling, security, etc. etc. In that case, if the password is not encrypted in the developers environment it may not be a big deal, as long as the production environment is secured. However, I do not know how to run PDI within an App Server. If it cannot be done, then I would advise to not bother with JNDI at all. Is there a way to run PDI within an App Server? Appreciate your help.
