Obtaining an InitialContext from Weblogic without using clear text password

I can obtain the Weblogic InitialContext from a JNDI Client using the following properties as the Environment parameters for InitialContext:

import java.util.Hashtable;
import javax.naming.InitialContext;

// JNDI environment for a WebLogic client
Hashtable<String, String> jndiProps = new Hashtable<>();
jndiProps.put("java.naming.factory.initial", "weblogic.jndi.WLInitialContextFactory");
jndiProps.put("java.naming.provider.url", "t3://localhost:7001");
jndiProps.put("java.naming.security.principal", "weblogic");
jndiProps.put("java.naming.security.credentials", "weblogic"); // clear-text password

InitialContext ctx = new InitialContext(jndiProps);

The question is, is there a way to obtain the InitialContext without specifying the security.credentials as cleartext but maybe as a hashed value?

Answers


You could use symmetric encryption, encrypt the password value and store this in the properties file. Then before creating the initial context read the property value, decrypt it and update the property before passing the jndiProps object to the InitialContext constructor.

The encryption key would still be on the client but it's going to stop someone casually reading the property file to find out the password.

Using SSL is also a good idea for protecting the password as it is transmitted between the client and the server.


Simply hashing the password has no real added security value, since your password resides on the client anyway.

The biggest gains are to be had by using SSL encryption on your channel first with t3s and secondly a user with the least amount of privileges instead of the admin user "weblogic".
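
The suggestions from the two answers above, combined in one sketch that is added here as an example and is not code from either answerer: the password is stored encrypted, decrypted just before the JNDI environment is built, and the provider URL uses t3s. The choice of AES-GCM, the user name `jndi_client`, and port 7002 are assumptions; the demo key is generated inline, whereas a real client would load it from somewhere other than the properties file.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import java.util.Hashtable;

public class JndiCredentialDemo {
    private static final int IV_LEN = 12, TAG_BITS = 128;
    // Encrypts the password; the result is Base64(iv || ciphertext+tag), ready for a properties file.
    static String encrypt(byte[] key, String password) throws Exception {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv); // fresh random IV for every encryption
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal(password.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return Base64.getEncoder().encodeToString(out);
    }

    // Reverses encrypt(); throws AEADBadTagException if the stored value was modified or the key is wrong.
    static String decrypt(byte[] key, String stored) throws Exception {
        byte[] in = Base64.getDecoder().decode(stored);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(TAG_BITS, in, 0, IV_LEN));
        return new String(c.doFinal(in, IV_LEN, in.length - IV_LEN), StandardCharsets.UTF_8);
    }
    // Builds the environment to pass to new InitialContext(...); the password is decrypted only here.
    static Hashtable<String, String> jndiProps(byte[] key, String user, String storedPassword) throws Exception {
        Hashtable<String, String> p = new Hashtable<>();
        p.put("java.naming.factory.initial", "weblogic.jndi.WLInitialContextFactory");
        p.put("java.naming.provider.url", "t3s://localhost:7002"); // assumed SSL listen port
        p.put("java.naming.security.principal", user);
        p.put("java.naming.security.credentials", decrypt(key, storedPassword));
        return p;
    }

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[16]; // constructed demo key (AES-128)
        new SecureRandom().nextBytes(key);
        String stored = encrypt(key, "constructed-demo-password");
        System.out.println("value for the properties file: " + stored);
        Hashtable<String, String> env = jndiProps(key, "jndi_client", stored); // hypothetical low-privilege user
        System.out.println("decrypted OK: " + "constructed-demo-password".equals(env.get("java.naming.security.credentials")));
    }
}
```

The demo runs without WebLogic on the classpath because it stops before constructing the InitialContext.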

