Im still a new user with XWIKI and I haven’t found a fourm post about this topic. We have been using the container version of XWIKI. As I have been trying to secure the container a little better, I noticed that the hibernate files in the data folder and the WEB-INF folder contain plain text username and password for the database. We are using a postgres RDS instance in AWS and would like to know if there is a way to obfuscate the password, at minimum, and the username as well if possible.
Any help would be greatly appreciated.
An idea would be to use a data source. This pushes the definition of the username and password to the container you’re using. I don’t know if that container supports securing them or not. Just googled and found https://stackoverflow.com/questions/129160/how-to-avoid-storing-passwords-in-the-clear-for-tomcats-server-xml-resource-def
Normally what people do is that they secure the access to the file system, i.e where WEB-INF/ is located.