commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dain Sundstrom (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DBCP-152) [DBCP] add a socketFactory attribute to BasicDataSource (to allow SSL "thread"-safe)
Date Fri, 20 Jul 2007 18:19:06 GMT

    [ https://issues.apache.org/jira/browse/DBCP-152?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12514273
] 

Dain Sundstrom commented on DBCP-152:
-------------------------------------

Ralf,

Security is a very important issue for me, so I'm not saying that I don't want to support
security features or that I don't want anyone to implement security fixes. 

You are requesting that we add a socketFactory factory property to DBCP, which is about 7
lines of code.  The problem is once we add this property, we have no standard way to pass
this information to the JDBC driver.   One option, as you have suggested, is to add the socketFactory
property to the properties object passed to driver.connect(url, properties).   If that is
your ultimate goal, we already have a mechanism in DBCP to pass properties to the connection
factory addConnectionProperty(name, value).  Additionally, since there is no standard for
this property, it is likely that any vendor that supported the property chose a different
name (e.g., socketFactoryName, sockteFactoryClass, etc.).

There are other databases that pass this type of connection security information via the JDBC
connect URL, which makes since since the security properties apply to all connections and
not just a single connection.  Unfortunately, there is no standard way to encode properties
into a JDBC connect URL.  Fortunately, we have a standard set the connect URL setUrl(url).

To reiterate, security is very important to me, and if there were a standard way to support
this type of configuration, I would submit a patch.  In this specific case, I think there
is any way to support your request without it being vendor specific, and I do not want to
see DBCP expanded with vendor specific extensions.  

I suggest that you make a request for enhancement with the JDBC expert group (http://jcp.org/en/jsr/detail?id=221),
and if they approve security enhancements, we will support them.


> [DBCP] add a socketFactory attribute to BasicDataSource (to allow SSL "thread"-safe)
> ------------------------------------------------------------------------------------
>
>                 Key: DBCP-152
>                 URL: https://issues.apache.org/jira/browse/DBCP-152
>             Project: Commons Dbcp
>          Issue Type: Improvement
>    Affects Versions: 1.2
>         Environment: Operating System: All
> Platform: Other
>            Reporter: Ralf Hauser
>            Priority: Minor
>             Fix For: 1.3
>
>
> An app that accesses 2 datasources at two different places with different
> security policies via SSL (different set of permitted ciphers) currently is out
> of luck (http://lists.mysql.com/java/8689).
> The basic datasource should be enhanced with 
>  
>   String socketFactory = "";
> and the corresponding getter and setter method, etc.
> org.apache.commons.dbcp.DriverConnectionFactory.createConnection() could then
> hand-over this full className via its Properties argument to enable different
> SSL policies per datasource (so, since the application programmer doesn't have
> the thread under her control, I guess it should rather be called "dataSource-safe").
> The jdbc driver implementation can then use this to take the appropriate socket
> factory when creating a connection.
> See also http://lists.mysql.com/java/8695

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-dev-help@jakarta.apache.org


Mime
View raw message