Hi everybody,
I'm new in using iBatis and I've managed to make it up and running, providing excellent features.
But there's one problem that I've come across: the username and password used for the connection with the database are stored in plaintext, either in the sqlmap.config or in the providers.config files, as also all the SQL is in the datamaps.
So, even if my application is quite secure, if the username, password and the SQL sentences in the datamaps are exposed, not only everyone can connect to the database, but he also knows the methods we use to access it, so my application security becomes useless.
Is there any known solution for that? Or doesn't iBatis cover that problem and I must use the operating system features (for example file read permissions) to overcome that problem?
People at my company are quite reluctant to use iBatis because of those two problems (username, password and SQL exposed in files) but I really want to give iBatis a try, so any kind of information in solving these issues would help a lot.
I suppose I'm not the first one in having this issue, but I've searched google, iBatis documentation, etc... and found nothing about it (and the "archives" feature of this mailinglist (http://nagoya.apache.org/eyebrowse/[EMAIL PROTECTED]) does not seem to work.
Thanks a lot,
Pablo.
begin:vcard fn;quoted-printable:Pablo L=C3=B3pez n;quoted-printable:L=C3=B3pez;Pablo org;quoted-printable:Tecisa 74, S.L.;Depto. de Inform=C3=A1tica adr:;;C/ Bubierca, 6;Zaragoza;Zaragoza;50.013;Spain email;internet:[EMAIL PROTECTED] tel;work:976481481 tel;fax:976481482 x-mozilla-html:FALSE url:http://www.tecisa74.com version:2.1 end:vcard
