Re: mySQL JDBC connectiion using wallet
Posted by: Todd Farmer
Date: May 14, 2015 08:55AM

Hello Ajay,

There is currently no Connector/Java integration with Oracle Wallet - that's the short answer.

A longer answer: I'm not entirely sure what you're looking to accomplish. The .mylogin.cnf file isn't "password-less", really - it just obfuscates the password in a configuration file, and ensures proper file permissions. The mysql client reads the .mylogin.cnf file, decrypts the stored password (the encryption only obfuscates, not protects - it's trivially easy to decrypt the contents if you have access to the file), and uses that to connect to the MySQL Server. I wrote a blog post explaining this, if it interests you:

Connector/Java can also read in a configuration (properties) file so that you can store passwords externally, in the same way .mylogin.cnf does. You would want to take appropriate steps to restrict access to such a properties file, again, like .mylogin.cnf is managed. It won't encrypt the password (or other contents), but as I noted above, the encryption used in .mylogin.cnf isn't for content protection - it's just obfuscation.

If you are talking about truly "password-less" login, you might look at client TLS key/certs and REQUIRE X509. Then you can provide key material to the client for authentication instead of a password. Effectively, though, you're substituting a file for a password as the authentication credentials.

I personally don't know much about Wallet, but I *presume* that clients must supply some sort of Wallet credentials in order to obtain credentials to access resources like the database. In such use cases, Connector/Java will need access to the Wallet credentials instead of the database credentials - and your concern about how to protect the Wallet credentials replaces the current concern about protecting MySQL credentials.

I hope that helps!

Todd Farmer
MySQL @ Oracle

Options: ReplyQuote

Written By
Re: mySQL JDBC connectiion using wallet
May 14, 2015 08:55AM

Sorry, you can't reply to this topic. It has been closed.

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.