[jboss-jira] [JBoss JIRA] (JBJCA-1156) encrypted datasource security , big performence hit.

Jesper Pedersen (JIRA) issues at jboss.org
Fri Jul 18 10:10:29 EDT 2014 

     [ https://issues.jboss.org/browse/JBJCA-1156?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jesper Pedersen closed JBJCA-1156.
----------------------------------

    Resolution: Won't Fix


> encrypted datasource security , big performence hit.
> ----------------------------------------------------
>
>                 Key: JBJCA-1156
>                 URL: https://issues.jboss.org/browse/JBJCA-1156
>             Project: IronJacamar
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>    Affects Versions: 1.0.12.Final
>         Environment: using jboss 7.1.1 or jboss 7.1.3
>            Reporter: John L
>            Assignee: Jesper Pedersen
>
> We setup our jboss7.1.3 to use encrypted datasource passwords:
>    <datasources>
>                 <datasource jndi-name="java:/SomDS" pool-name="SomeDS" enabled="true" use-java-context="true">
> .....
>                     <security>
>                         <security-domain>some-encrypted-ds</security-domain>
>                     </security>
>                 </datasource>
>  
> ...
>             	<security-domain name="some-encrypted-ds" cache-type="default">
>                 	<authentication>
>                     	<login-module code="org.picketbox.datasource.security.SecureIdentityLoginModule" flag="required">
>                         	<module-option name="username" value="some"/>
>                         	<module-option name="password" value="-......."/>
>                     	</login-module>
>                 	</authentication>
>             	</security-domain>
> By using this our system took a 30% performance hit.
> Some transactions might call getConnection 50 times.
> It seems from looking at code that even if a connection already exists in the pool the password is
> decrypted on every call to get a connection from the datasource.
> Seems like it should only decrypt when a new connection is created to the database.
> Moving back to unencrypted passwords solves the performance problem.
> That is using:
> <security xmlns="urn:jboss:domain:datasources:1.1">
>                     <user-name>xxx</user-name>
>                     <password>yyy</password>
>                 </security>



--
This message was sent by Atlassian JIRA
(v6.2.6#6264)

More information about the jboss-jira mailing list