How can I encrypt password in log4j.properties?

Question

Is there any way that i can encrypt password in log4j.properties

following is my appender

log4j.appender.DB=org.apache.log4j.jdbc.JDBCAppender
log4j.appender.DB.URL=jdbc:mysql://localhost:3306/anilpractice
log4j.appender.DB.driver=com.mysql.jdbc.Driver
log4j.appender.DB.user=root
log4j.appender.DB.password=P@ssw0rd
log4j.appender.DB.sql=INSERT INTO logs VALUES('%x','%d{dd MMM yyyy HH:mm:ss}','%C','%p','%m')
log4j.appender.DB.layout=org.apache.log4j.PatternLayout

Please help me out how can i encrypt .password tag?

thank you all.

Answer 1

Thank God, Finally got some solution to keep encrypted password in Log4j.properties

What all we have to do is,

Replicate JDBCAppender class of log4j.jar.

Modify the definition of

public void setPassword(String password)
  {
          this.databasePassword = password;
  }

in JDBCAppender

according to your need And replace that class in log4j.jar.

Answer 2

I don't think that is possible. Even if it's possilbe, consider the following:

If you can establish a connection by only providing an "encrypted password", it's like the password is not encrypted, because everyone who copies the encrypted password can connect and compromise your database. The only different is, that the password is presented in a different way and maybe less human readable, but still fully useful. Even if you implement some symetric unencription of the password in your code, if the attacker has access to your configuration file containing the encrypted password, it is very likely that he has also access to your code running on the same machine containing the unencryption algorithm and would be able to decompile and read the algorithm.

Better create a DB-User with restricted access rights to only write into the logging table. In this way a stolen password can't harm your database very much.