karaf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Guillaume Nodet <gno...@gmail.com>
Subject Re: databasing /etc properties
Date Wed, 29 Dec 2010 19:14:31 GMT
I think the best way would be to implement a new ConfigAdmin or extend
the existing one and then disable the monitoring of the etc folder by
fileinstall.  Afair the current ConfigAdmin has already a pluggable
backend so you could use jdbc, ldap, or any other technology.

On Wednesday, December 29, 2010, karafman <mvangeertruy@comcast.net> wrote:
>
> All,
>
> In IRC there was a short discussion about the merits of databasing
> properties normally placed in the /etc directory.  The benefits of this
> would be security-related, by placing the sensitive configurable properties
> in a user-authenticated database, we would decrease the access to those
> files, instead of simply making them available. Below is the discussion:
> [10:25] <karafman>      Do any of you place properties in a database table
> instead of in the /etc directory?
> [10:27] <kit>   i'm doing something of the sort with Derby…not quite
> properties - but there's a lookup on service startup. trying to figure out
> if it is possible to tie-in to CM.
> [10:32] <karafman>      I think there'd need to be a code-change, but I really
> like the idea of databasing properties. The additional security you'd get
> outweighs the effort needed to implement it (IMHO).
> [10:35] <karafman>      I'll add a discussion topic on this to the Developers
> list.
> [10:36] <kit>   cool.
> [10:36] <karafman>      Once I get permission to post to the dev's list, I mean.
> :-)
> [10:37] <karafman>      I'm thinking something like, if the /etc directory is
> missing, automatically connect to an internal derby or H2 implementation and
> fetch properties.
> [10:40] <karafman>      Among those properties would be a database.cfg table
> containing connection information to different database which would hold
> service/application specific properties.
> [10:41] <kit>   i don't know about not having /etc - but do think there could
> be a file there that points to the db config
> [10:42] <splatch>       karafman: I don't think it is a good idea. For the Karaf
> it's a lot of work because we have Configuration Admin as OSGi service which
> reads properties from files
> [10:42] <splatch>       if you would like to move your properties to database
you
> might think about wrapping Configuration Admin service
> [10:42] <kit>   @splatch but CA could read from DB too
> [10:42] <kit>   right...:)
> [10:42] <kit>   a remote db at that.
> [10:43] <splatch>       that might be fancy stuff for configuration management
> [10:43] <splatch>       in bigger deployments
>
> -----
> Karafman
> Slayer of the JEE
> Pounder of the Perl Programmer
>
> --
> View this message in context: http://karaf.922171.n3.nabble.com/databasing-etc-properties-tp2163277p2163277.html
> Sent from the Karaf - Dev mailing list archive at Nabble.com.
>

-- 
Cheers,
Guillaume Nodet
------------------------
Blog: http://gnodet.blogspot.com/
------------------------
Open Source SOA
http://fusesource.com

Mime
View raw message