Wait a moment! I forgot about map files. You could encrypt only sqlmap.config - AFAIK map files should be placed on the disk. I don't know how it is possible to protect SQL statements from the user :(
> -----Original Message-----
> From: Alexey Boroday [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, January 12, 2005 3:37 PM
> To: ibatis-user-cs@incubator.apache.org
> Subject: RE: plaintext passwords and exposed sql in configuration files
>
> Hello
>
> I set up the connection string manually - from the application configuration file. I store encrypted passwords in it. So in the iBATIS file the connectionString attribute contains one space only.
>
> You could ask for the password at runtime and concatenate it with the connection string. The connection string should be ready ;) (ends with 'password=')
> ConnectionString could be set via SqlMapper.DataSource.ConnectionString
>
> All SQL statements will be transferred via network in plaintext AFAIK so you should not care about its security ;)
>
> But if you still want to be secure - encrypt the iBATIS config files before you contribute them. You will need to decrypt them at runtime and configure iBATIS with SqlMapper.Configure, which takes an XmlDocument as a parameter.
>
> Good luck
>
> > -----Original Message-----
> > From: Pablo Lopez [mailto:[EMAIL PROTECTED]
> > Sent: Wednesday, January 12, 2005 2:49 PM
> > To: ibatis-user-cs@incubator.apache.org
> > Subject: plaintext passwords and exposed sql in configuration files
> >
> > Hi everybody,
> >
> > I'm new to using iBatis and I've managed to get it up and running, providing excellent features.
> >
> > But there's one problem that I've come across: the username and password used for the connection with the database are stored in plaintext, either in the sqlmap.config or in the providers.config files, and all the SQL is also in the datamaps.
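The approach discussed in this thread (keep sqlmap.config and the password encrypted on disk, decrypt in memory at startup), sketched as an added example that is not code from any of the posters or from iBATIS. It assumes Windows DPAPI (`ProtectedData`) as the encryption mechanism, which the thread does not specify; the class, method and file names are hypothetical.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;
using System.Xml;

// Added example. DPAPI ties the ciphertext to the Windows account that ran
// Protect(), so no key has to be stored next to the config file.
public static class ProtectedConfig
{
    // Run once at deployment, on the target machine, as the application's account.
    public static void ProtectFile(string plainPath, string protectedPath)
    {
        byte[] plain = File.ReadAllBytes(plainPath);
        byte[] cipher = ProtectedData.Protect(plain, null, DataProtectionScope.CurrentUser);
        File.WriteAllBytes(protectedPath, cipher);
        Array.Clear(plain, 0, plain.Length);
    }

    // Decrypts the protected config into an in-memory XmlDocument; the
    // plaintext XML is never written back to disk.
    public static XmlDocument LoadProtectedXml(string protectedPath)
    {
        byte[] cipher = File.ReadAllBytes(protectedPath);
        byte[] plain = ProtectedData.Unprotect(cipher, null, DataProtectionScope.CurrentUser);
        try
        {
            XmlDocument doc = new XmlDocument();
            doc.XmlResolver = null; // do not fetch external DTDs or entities
            using (MemoryStream ms = new MemoryStream(plain, false))
            {
                doc.Load(ms);
            }
            return doc;
        }
        finally { Array.Clear(plain, 0, plain.Length); }
    }

    // prefix is the stored connection string ending in "password=";
    // protectedPasswordB64 is the DPAPI-protected password, base64-encoded.
    public static string BuildConnectionString(string prefix, string protectedPasswordB64)
    {
        if (!prefix.TrimEnd().EndsWith("password=", StringComparison.OrdinalIgnoreCase))
            throw new ArgumentException("connection string must end with 'password='");
        byte[] pw = ProtectedData.Unprotect(
            Convert.FromBase64String(protectedPasswordB64), null, DataProtectionScope.CurrentUser);
        try { return prefix + Encoding.UTF8.GetString(pw); }
        finally { Array.Clear(pw, 0, pw.Length); }
    }
}
// Usage, with the iBATIS calls named in the thread (not verified here):
//   pass LoadProtectedXml("sqlmap.config.bin") to SqlMapper.Configure, then
//   assign BuildConnectionString(...) to SqlMapper.DataSource.ConnectionString.
```

As the first message notes, this covers sqlmap.config only; the map files with the SQL statements still sit on disk in plaintext.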