Reputation: 81
How is the password of the data source stored in the WSO2 Data Services Server?
In the data services server, one of the step is to create a Data Source, in which you need to supply the connection URL as well as the database userId and password.
My questions are
- how is this password store in the data services server?
- Is the password encrypted and what kind of encryption is used?
- Is the password stored in a database or a file?
- Where can I find out more about this as there is not much details in the documentation?
I need to find answers to these questions as these will be potential questions from the database security team when we plan to roll out WSO2 DSS to the live environment.
If no answers will also appreciate any links or emails that I can send my queries to.
Upvotes: 0
Views: 958
Answers (2)
Reputation: 614
By default data services does not encrypt the password entries that are in the .dbs files. You can use Synapse datasource.properties file to define global datasources and access them as "Carbon Datasources" from data services. These data in the datasource.properties file can be encrypted using secure vault functionality, for more info, check [1].
Also, in the DSS v2.6.3 release, we had partial secure vault implementation, but it is not publicly documented, but can still accessed from here [2]. That implementation is not fully integrated to Carbon secure vault implementation, and you will have to write your own "SecretCallBackHandler"s.
From the upcoming DSS v3.0.0 release, which is to be released soon, it will contain proper secure vault functionality by integrating to Carbon secure vault, where you can give aliases to the password fields from the data service wizard itself. Also, we also have new XML configurations for defining global data sources, which is independent from Synapse, and is also integrated with secure vault.
[1] http://wso2.org/project/esb/java/4.0.0/docs/samples_setup_guide.html#datasource [2] http://wso2.org/project/data-services/2.6.3/docs/secureVault.html
Cheers, Anjana.
Upvotes: 0
Reputation: 1238
if you use current release of a data service server this information is stored in the registry.
with the next release it will be possible to specify these as an xml file and secure the xml file using secure valult.
Upvotes: 1
Related Questions
- How to add OAuth feature to DSS
- In what encryption type are passwords of wso2 user table (um_user) in wso2_shared_db stored?
- Wher is stored admin username and password inside WSO2 Prodcuts?
- How to configure Data Source in Data Service on WSO2 Micro Integrator?
- Data Access Provisioning in WSO2 API Manager
- wso2 dss to SQL Server connectivity using Windows authentication
- wso2 Securing Passwords in Configuration Files
- Where are Data Sources of WSO2 Data Services Server stored?
- WSO2 Identity Server: Storing user password as PlainText
- WSO2 Data Services Server REST configuration