Hardening datasource configuration
As you have seen by reading this chapter, configuring a datasource, either XA or non-XA, includes providing passwords. As long as you keep the configuration to yourself, there is no issue with that. But what happens if you are working with different people, or a different team, who are not related directly to your company? Would you mind giving passwords out? I guess you would, or at least you should.
Fortunately, JBoss EAP 7 (actually, since JBoss EAP 5) provides two ways to hide your password.
One way is to encrypt your password by using hashing. The other way is to use a vault to protect one or more password in one place. We will look at both procedures in detail.
Password encryption
First of all, let's talk about hashing. Hashing is about integrity. This means that it is used to check whether a message (a text, a password, a file, and so on) that has arrived at its destination has been changed during its journey or not. A hash is not reversible. Given an...