Is there any way that I can encrypt the password in log4j.properties?
Following is my appender:
log4j.appender.DB=org.apache.log4j.jdbc.JDBCAppender
log4j.appender.DB.URL=jdbc:mysql://localhost:3306/anilpractice
log4j.appender.DB.driver=com.mysql.jdbc.Driver
log4j.appender.DB.user=root
log4j.appender.DB.password=P@ssw0rd
log4j.appender.DB.sql=INSERT INTO logs VALUES('%x','%d{dd MMM yyyy HH:mm:ss}','%C','%p','%m')
log4j.appender.DB.layout=org.apache.log4j.PatternLayout
Please help me out: how can I encrypt the .password tag?
Thank you all.
Password-Based Encryption using Salt and Base64: The password-based encryption technique uses plain text passwords and salt values to generate a hash value. And the hash value is then encoded as a Base64 string. Salt value contains random data generated using an instance of Random class from java.util package.
To use the password properties file, specify the -DpasswordFile parameter when you run the config_ant utility.
Thank God, finally got some solution to keep an encrypted password in Log4j.properties.
What all we have to do is:
Replicate the JDBCAppender class of log4j.jar.
Modify the definition of
public void setPassword(String password)
{
    this.databasePassword = password;
}
in JDBCAppender according to your need, and replace that class in log4j.jar.
I don't think that is possible. Even if it's possible, consider the following:
If you can establish a connection by only providing an "encrypted password", it's like the password is not encrypted, because everyone who copies the encrypted password can connect and compromise your database. The only difference is that the password is presented in a different way and maybe less human readable, but still fully useful. Even if you implement some symmetric unencryption of the password in your code, if the attacker has access to your configuration file containing the encrypted password, it is very likely that he also has access to your code running on the same machine containing the unencryption algorithm and would be able to decompile and read the algorithm.
Better create a DB-User with restricted access rights to only write into the logging table. In this way a stolen password can't harm your database very much.
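Added example, not part of the answer above: one way to set up the restricted logging account it recommends, in MySQL syntax for the `anilpractice` database and `logs` table from the question. The account name `log_writer` and the password placeholder are assumptions.

```sql
-- Run as an administrative user.
-- 'log_writer' is a hypothetical account name; the password is a placeholder
-- to replace with a generated value.
CREATE USER 'log_writer'@'localhost'
    IDENTIFIED BY '<replace-with-generated-password>';

-- Grant INSERT only, and only on the single table the appender writes to.
-- No SELECT, UPDATE, DELETE or DDL rights, and nothing on other schemas.
GRANT INSERT ON anilpractice.logs TO 'log_writer'@'localhost';

-- Review exactly which privileges the account holds.
SHOW GRANTS FOR 'log_writer'@'localhost';
```

The appender's `log4j.appender.DB.user` and `log4j.appender.DB.password` entries would then name this account instead of `root`, so the credential stored in log4j.properties can only append rows to the logging table.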