Subject Re: [Firebird-Java] Hard-coding database password
Author Rick Fincher
Hi Rick,

I'm not sure I understand your question fully, but what I think you
trying to avoid is hard coding the Firebird password in your J2EE server
config files for your DataSources on the app server?

Isn't the procedure for this going to be dependent on the particular
J2EE you are using?

On the off chance you are trying to encrypt the passwords in Java to
validate against the isc4.gdb or security.fdb security databases in
Firebird, the procedure for doing this with JCrypt is below. JCrypt is
in the download section of this group.


Hi Nick,
> >
> > From the commandline it looks like this:
> >
> > JCrypt "masterkey" with salt of 9z:
> >
> > C:\myProjects\jcrypt>java JCrypt 9z masterkey
> > [9z] [masterkey] => [9zQP3LMZ/MJh.]
> >
> > Strip the salt off the result (the "9z" at the beginning) and JCrypt it
> > again using 9z as salt:
> >
> > C:\myProjects\jcrypt>java JCrypt 9z QP3LMZ/MJh.
> > [9z] [QP3LMZ/MJh.] => [9zn2zpJI3qBh2]
> >
> > Now strip the salt off the result (again the 9z at the beginning)
> and you
> > get: n2zpJI3qBh2
> >
> > That should be in your password database, at least it was in my isc4.gdb
> > database under Firebird 1.0.
> >
> > Is that what you were doing or did it change for Firebird 1.5 and the
> > security.fdb database?

Rick Debay wrote:

>Can someone give me a pointer on where to look? I need to use LDAP or
>other method to separate the password from the J2EE app server. We
>can't lock our app server down as well as I would like, so I don't want
>any passwords compromised.
>I know this is a common practice, and I've read about it before, but for
>the life of me I can't find anything.
>Thanks, Rick DeBay