JarCasting
JarCasting JarCasting

com.github.sejoung:tomcat-jdbc-encrypt

tomcat-jdbc-encrypt

License

License
Categories

Categories

Tomcat Container Application Servers
GroupId

GroupId

com.github.sejoung
ArtifactId

ArtifactId

tomcat-jdbc-encrypt
Last Version

Last Version

1.6
Release Date

Release Date
Type

Type

jar
Description

Description

com.github.sejoung:tomcat-jdbc-encrypt
tomcat-jdbc-encrypt
Project URL

Project URL

https://github.com/sejoung
Source Code Management

Source Code Management

http://github.com/sejoung/tomcat-jdbc-encrypt/tree/master

Download tomcat-jdbc-encrypt

Filename Size
tomcat-jdbc-encrypt-1.6.pom
tomcat-jdbc-encrypt-1.6.jar 11 KB
tomcat-jdbc-encrypt-1.6-sources.jar 6 KB
tomcat-jdbc-encrypt-1.6-javadoc.jar 53 KB
Browse

How to add to project

<!-- https://jarcasting.com/artifacts/com.github.sejoung/tomcat-jdbc-encrypt/ -->
<dependency>
    <groupId>com.github.sejoung</groupId>
    <artifactId>tomcat-jdbc-encrypt</artifactId>
    <version>1.6</version>
</dependency>
// https://jarcasting.com/artifacts/com.github.sejoung/tomcat-jdbc-encrypt/
implementation 'com.github.sejoung:tomcat-jdbc-encrypt:1.6'
// https://jarcasting.com/artifacts/com.github.sejoung/tomcat-jdbc-encrypt/
implementation ("com.github.sejoung:tomcat-jdbc-encrypt:1.6")
'com.github.sejoung:tomcat-jdbc-encrypt:jar:1.6'
<dependency org="com.github.sejoung" name="tomcat-jdbc-encrypt" rev="1.6">
  <artifact name="tomcat-jdbc-encrypt" type="jar" />
</dependency>
@Grapes(
@Grab(group='com.github.sejoung', module='tomcat-jdbc-encrypt', version='1.6')
)
libraryDependencies += "com.github.sejoung" % "tomcat-jdbc-encrypt" % "1.6"
[com.github.sejoung/tomcat-jdbc-encrypt "1.6"]

Dependencies

provided (2)

Group / Artifact Type Version
org.apache.tomcat : tomcat-jdbc jar 7.0.90
org.apache.tomcat : tomcat-dbcp jar 7.0.90

test (1)

Group / Artifact Type Version
junit : junit jar 4.12

Project Modules

There are no modules declared in this project.

톰캣 DataSource user 정보 암호화 시키기

톰캣에 jndi를 설정 하기 위해서 Resource를 추가 하는데 그곳에 계정 정보가 들어가게 된다

서버 해킹시 계정 정보가 암호화 되있지 않고 노출 되어 있어서 암호화 복호화 로직이 들어가게 된다.

https://issues.sonatype.org/browse/OSSRH-41242

톰캣 7.0.55 버전과 6.0.41버전으로 테스트를 해보았다.

Resource 설정

톰캣 7.0 이상

<Resource name="jdbc/TestDB"
          factory="com.github.sejoung.support.tomcat.jdbc.EncryptedDataSourceFactory"
          auth="Container"
          type="javax.sql.DataSource"
          maxActive="100"
          maxIdle="30"
          maxWait="10000"
          secretKey="key"
          username="808233982b9c435fb8a3331634a3c48b"
          password="3b8dcdcf348d8b466915f66c30003e95"
          driverClassName="org.mariadb.jdbc.Driver"
          url="jdbc:mariadb://localhost:3306/test"/>

톰캣 7.0이하

<Resource name="jdbc/TestDB"
          factory="com.github.sejoung.support.tomcat.jdbc.EncryptedDataSourceFactoryDbcp"
          auth="Container"
          type="javax.sql.DataSource"
          maxActive="100"
          maxIdle="30"
          maxWait="10000"
          secretKey="key"          
          username="808233982b9c435fb8a3331634a3c48b"
          password="3b8dcdcf348d8b466915f66c30003e95"
          driverClassName="org.mariadb.jdbc.Driver"
          url="jdbc:mariadb://localhost:3306/test"/>

pom.xml에 추가후에 위에 처럼 사용가능

<dependency>
    <groupId>com.github.sejoung</groupId>
    <artifactId>tomcat-jdbc-encrypt</artifactId>
    <version>1.6</version>
</dependency>

1.6 버전에 decrypt 추가

USAGE: java -jar tomcat-jdbc-encrypt-[version].jar [encrypt,decrypt] [secretKey] [string-to-encrypt,string-to-decrypt]

java -jar tomcat-jdbc-encrypt-1.4.jar encrypt key 1

java -jar tomcat-jdbc-encrypt-1.4.jar decrypt key eb77d942479a6b2e44841d653175e8a3

Versions

Version
1.6
1.5
1.4
1.3
1.2
1.1
1.0