Details
-
Bug
-
Resolution: Won't Do
-
Major
-
None
-
1.0.12.Final
-
None
-
None
Description
We setup our jboss7.1.3 to use encrypted datasource passwords:
<datasources>
<datasource jndi-name="java:/SomDS" pool-name="SomeDS" enabled="true" use-java-context="true">
.....
<security>
<security-domain>some-encrypted-ds</security-domain>
</security>
</datasource>
...
<security-domain name="some-encrypted-ds" cache-type="default">
<authentication>
<login-module code="org.picketbox.datasource.security.SecureIdentityLoginModule" flag="required">
<module-option name="username" value="some"/>
<module-option name="password" value="-......."/>
</login-module>
</authentication>
</security-domain>
By using this our system took a 30% performance hit.
Some transactions might call getConnection 50 times.
It seems from looking at code that even if a connection already exists in the pool the password is
decrypted on every call to get a connection from the datasource.
Seems like it should only decrypt when a new connection is created to the database.
Moving back to unencrypted passwords solves the performance problem.
That is using:
<security xmlns="urn:jboss:domain:datasources:1.1">
<user-name>xxx</user-name>
<password>yyy</password>
</security>