Posted By:
Anthony_Law
Posted On:
Tuesday, June 3, 2003 11:08 AM
Hi all, What is the general practice for encrypting sensitive info (eg VISA/MC) in EJBs before persisting to a datasource? My plan is to provide encrypt/decrypt methods in my Session Beans to hide/unhide data. I already wrote a thread-safe AES util class (using BouncyCastle) that would take in a secretKey & do the grunt work. Please tell me: 1) Whether I'm on the right track, and what is the most efficient way to make this util class available to my EJBs. 2) If there is a way to access my Keystore entries within my EJBs (deployed in JBoss), so I can grab a private or secret key. 3) Whether there is any need to create a pool of my Crypto util
More>>
Hi all,
What is the general practice for encrypting sensitive info (eg VISA/MC) in EJBs before persisting to a datasource?
My plan is to provide encrypt/decrypt methods in my Session Beans to hide/unhide data. I already wrote a thread-safe AES util class (using BouncyCastle) that would take in a secretKey & do the grunt work. Please tell me:
1) Whether I'm on the right track, and what is the most efficient way to make this util class available to my EJBs.
2) If there is a way to access my Keystore entries within my EJBs (deployed in JBoss), so I can grab a private or secret key.
3) Whether there is any need to create a pool of my Crypto util class, if deployed in a single CPU env.
Thanks,
Anthony.
<<Less
