From 22a5ad3acef0bfb8353dac64d4cbe0d52f6d2a07 Mon Sep 17 00:00:00 2001
From: jack <jack.su@pollex.com.tw>
Date: 星期五, 01 九月 2023 10:16:41 +0800
Subject: [PATCH] [UPDATE] 解決弱點Use of hard-coded cryptographic key , 把key移到設定檔

---
 pamapi/src/main/resources/config/application-prod.yml |   36 +++++++++++++++++++++++++++++-------
 1 files changed, 29 insertions(+), 7 deletions(-)

diff --git a/pamapi/src/main/resources/config/application-prod.yml b/pamapi/src/main/resources/config/application-prod.yml
index bb30d3f..73f9399 100644
--- a/pamapi/src/main/resources/config/application-prod.yml
+++ b/pamapi/src/main/resources/config/application-prod.yml
@@ -15,9 +15,9 @@
 
 logging:
   level:
-    ROOT: INFO
-    tech.jhipster: INFO
-    com.pollex.pam: INFO
+    ROOT: DEBUG
+    tech.jhipster: DEBUG
+    com.pollex.pam: DEBUG
 
 management:
   metrics:
@@ -33,11 +33,9 @@
       enabled: false
   datasource:
     type: com.zaxxer.hikari.HikariDataSource
-    url: jdbc:postgresql://localhost:5432/pamapi
-    username: pamapi
-    password:
     hikari:
       poolName: Hikari
+    jndi-name: java:jboss/jdbc/pam
   jpa:
     database-platform: tech.jhipster.domain.util.FixedPostgreSQL10Dialect
   # Replace by 'prod, faker' to add the faker context and have sample data loaded in production
@@ -131,4 +129,28 @@
 # https://www.jhipster.tech/common-application-properties/
 # ===================================================================
 
-# application:
+# PROD�憓�Ⅱ隤�
+application:
+  mock-login: false
+  otp-web-service-url: https://vtwlifeopensystem.pru.intranet.asia/pcalife-otp/ws/otpWebService?wsdl
+  otp-web-service-password: es20!%Pass
+  otp-web-service-system-type: omo
+  e-service-login-url: https://www.eservice.pcalife.com.tw/sso/chatbotValidate
+  e-service-login-func: ValidateUsrLogin
+  e-service-login-sys: epos
+  front-end-domain: 'https://online.pcalife.com.tw/pam/#'
+  sms:
+    send-notify-msg: true
+    url:  https://vtwlifeopensystem.pru.intranet.asia/MesgQueueMgmnt/rest/smsSendMsgResource
+    source-code: ePos
+    sender: POS
+    sms-type: '0017'
+    subject: '慦�像��'
+  email:
+    send-notify-msg: true
+    url: https://vtwlifeopensystem.pru.intranet.asia/tsgw/mq/mqSendMail
+    function-id: epos
+    sender-email: noreply@pcalife.com.tw
+    method: 'PAM_EMAIL_SERVICE'
+  file-folder-path: /sfs_omo/AgentPhoto/
+  aes-key: PAMKEY1234567890

--
Gitblit v1.8.0