[jboss-jira] [JBoss JIRA] (JBJCA-1156) encrypted datasource security , big performence hit.
John L (JIRA)
issues at jboss.org
Mon Mar 17 14:30:10 EDT 2014
John L created JBJCA-1156:
-----------------------------
Summary: encrypted datasource security , big performence hit.
Key: JBJCA-1156
URL: https://issues.jboss.org/browse/JBJCA-1156
Project: IronJacamar
Issue Type: Bug
Affects Versions: 1.0.12.Final
Environment: using jboss 7.1.1 or jboss 7.1.3
Reporter: John L
Assignee: Jesper Pedersen
We setup our jboss7.1.3 to use encrypted datasource passwords:
<datasources>
<datasource jndi-name="java:/SomDS" pool-name="SomeDS" enabled="true" use-java-context="true">
.....
<security>
<security-domain>some-encrypted-ds</security-domain>
</security>
</datasource>
...
<security-domain name="some-encrypted-ds" cache-type="default">
<authentication>
<login-module code="org.picketbox.datasource.security.SecureIdentityLoginModule" flag="required">
<module-option name="username" value="some"/>
<module-option name="password" value="-......."/>
</login-module>
</authentication>
</security-domain>
By using this our system took a 30% performance hit.
Some transactions might call getConnection 50 times.
It seems from looking at code that even if a connection already exists in the pool the password is
decrypted on every call to get a connection from the datasource.
Seems like it should only decrypt when a new connection is created to the database.
Moving back to unencrypted passwords solves the performance problem.
That is using:
<security xmlns="urn:jboss:domain:datasources:1.1">
<user-name>xxx</user-name>
<password>yyy</password>
</security>
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list