This is funny, but in a very serious way.

Security is a very complex area of computer science.  Simple
encryption of a file does not achieve security.  Where do you plan to
store the key to decrypt the files?  Given that you've already made
the assumption that your end users can gain access to the application
files and SQL Maps, how do you plan on protecting the rest of your
application files?

It sounds to me like your application security is already useless.  If
your end users have access to the application files (exe, dll, config,
etc.) directly you've already lost the security game.

No amount of signing, encrypting with key chains or obfuscation will
help you. NOBODY has ever successfully achieved this.  If you manage
to, call me, I'll invest in your company and we'll make CNN's Larry
King Live together.

Now, if you're simply looking to stop "Special Agent Doofy" from
casually browsing such information, then that is something we can help
you with.   But please, don't call that security, or cryptography, or
even encryption.  We can call it "discouragement".

Cheers,
Clinton



On Wed, 12 Jan 2005 13:49:11 +0100, Pablo Lopez <[EMAIL PROTECTED]> wrote:
> Hi everybody,
> 
> I'm new to iBatis and I've managed to get it up and running, and it
> provides excellent features.
> 
> But there's one problem that I've come across: the username and password
> used for the connection with the database are stored in plaintext,
> either in the sqlmap.config or in the providers.config files, as is
> all the SQL in the datamaps.
> 
> So, even if my application is quite secure, if the username, password
> and the SQL statements in the datamaps are exposed, not only can everyone
> connect to the database, but they also know the methods we use to access
> it, so my application security becomes useless.
> 
> Is there any known solution for that? Or doesn't iBatis cover that
> problem and I must use the operating system features (for example file
> read permissions) to overcome that problem?
> 
> People at my company are quite reluctant to use iBatis because of those
> two problems (username, password and SQL exposed in files) but I really
> want to give iBatis a try, so any kind of information in solving these
> issues would help a lot.
> 
> I suppose I'm not the first one to have this issue, but I've searched
> Google, the iBatis documentation, etc. and found nothing about it (and the
> "archives" feature of this mailing list
> (http://nagoya.apache.org/eyebrowse/[EMAIL PROTECTED])
> does not seem to work).
> 
> Thanks a lot,
> 
> Pablo.
> 
> 
>
