...
- Write your own datasource implementation which wraps your datasource and obscure your brains out. See the docs on how to do this.
- Write your own
javax.naming.spi.ObjectFactory
implementation that creates and configures your datasource. - (Tomcat 7) Write your own
org.apache.tomcat.util.IntrospectionUtils.PropertySource
implementation to 'decrypt' passwords that are 'encrypted' in catalina.properties and referenced via ${...} in server.xml. You'll need to set the system propertyorg.apache.tomcat.util.digester.PROPERTY_SOURCE
to point to your PropertySource implementation. This won't provide any real security, it just adds another level of indirection - i.e. 'security by obscurity'.
...