构建生产版本 - 数据库连接凭证
我们有一个可以为特定环境打包 war 文件的构建,其中我们的所有属性文件都嵌入到存档(war 文件)中。
我们现在即将进行生产。我担心的是代码库需要公开生产数据库密码,尽管不太可能存在生产构建配置文件运行时产生负面影响的风险。
我想到的消除此风险的选项是不在 SVN 中存储生产详细信息,并且:
让管理员覆盖用于连接到数据库的系统属性,或者
让容器管理数据库连接而不是c3p0,这样他们就可以自己管理此配置。
你有什么建议吗?
We have a build that can package war files for specific environments where all our property files are embedded in the archive (war file).
We are now about to build for production. My concern is the codebase will need to expose the production database password and although unlikely there is a risk where the production build profile could be run with a negative effect.
Options I thought of to negate this risk is to not store the production details in SVN and:
Have the administrators override system properties which are used to connect to the DB, or
Have the container manage the DB connection instead of c3p0, this way they can manage this configuration themselves.
Do you have any advice?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
您绝对不应该将生产数据库用户名和密码放入源代码控制系统中。您的应用程序应该使用 JNDI 获取其数据库连接(例如
DataSource),该连接由生产环境的管理员控制/限制。例如,如果您的应用程序部署到 Tomcat,则在 tomcat/conf/context.xml 中有以下内容
..并且连接是从
java:/comp/env/jdbc/myDB获取的,无需您的应用程序必须提供用户名或密码。 Tomcat 安装在产品服务器上受到管理员的保护,因此任何没有产品服务器管理员访问权限的人都无法使用它。You should definitely not be putting the production DB username and password into your source control system. Your app should be getting its DB connection (eg a
DataSource) using JNDI which is controlled/restricted by the admins on the production environment.For example, if your app is deployed to Tomcat, you have the following in tomcat/conf/context.xml
..and the connection is obtained from
java:/comp/env/jdbc/myDBwithout your app ever having to provide a username or password. The tomcat installation is protected on the prod servers by the admins, so it is unavailable to anyone without admin access on your prod server.在生产中,我赞成根本不将凭据存储在属性文件上的方法。相反,我更喜欢应用程序服务器使用
jndi提供凭据。如果您使用的是 Apache Tomcat,请参阅例如其 jndi 参考。
In production I favor the approach to not store credentials on property files at all. Instead I prefer the application server to supply the credentials using
jndi.If you are using Apache Tomcat, see for instance their jndi reference.
我尝试过在存档中和存档外都拥有属性,并且将它们放在存档外更容易管理此类问题。
需要注意的一些事项:
使用这两个策略,开发人员可以负责管理非生产属性文件,因此也可以作为生产管理员的示例。它还将大部分属性集中在源代码控制中,提供了保持集中的一些好处,同时仍然充分解耦属性。
编辑:请注意,JNDI 是一个选项,但从架构上来说,它与外部存储属性文件相同 - 您仍然需要注意这些文件的版本,不要让它们在不同的环境中松散。
I have tried both having properties in the archive and outside of the archive, and having them outside of the archive is much easier to manage this kind of problem.
Some things to note:
Using these two policies, developers can be responsible for managing non-production property files, which also therefore serve as examples to the production admin. It also keeps most of the properties centralized in source control, giving some of the benefits of keeping things centralized, while still decoupling the properties enough.
EDIT: Note that JNDI is an option, but architecturally it is the same as storing property files outside - you still need to take care to version these not have them be loose in different environments.