Hi,
First of all, thanks Alexey and Clinton for your quick responses :)
Clinton:
Don't know why you've taken my question so seriously... I'm not talking about an NSA security product; I think I didn't even mention the word cryptography, and I've read -among quite a lot of other books- 'Secrets and Lies' from Bruce Schneier, so I'm quite aware of what security is and what can and cannot be achieved, especially in such a small application like the one we're planning to do, with no security experts at all among our staff.
Maybe my words were not elegant or precise enough, and I'm sorry about that cause I agree with you in what you've said about security, so to make it really clear, the only thing I was just asking for was a little help in "hiding" the username and password from, yes, call him "special agent Doofy".
This is what 95% of non-opensource applications do by embedding the connection string in the code and then just giving the binaries, being the program in charge of granting/denying access to the pieces accesing the database depending on who has logged on.
Of course this is quite a stupid approach, but seems enough to keep "Doofy" out of connecting directly to the database and messing around, which is basically what we want to achieve.
Maybe I have to investigate Alexey's solution a little further... I thought the connection string could only be stored in sqlmap.config or database.providers files -I'm a newbie to iBatis, remember that :)- but if there are other not so obvious ways (for example by using some method in the API that I don't know) I guess that would be enough.
Thanks a lot again :)
Pablo.
begin:vcard fn;quoted-printable:Pablo L=C3=B3pez n;quoted-printable:L=C3=B3pez;Pablo org;quoted-printable:Tecisa 74, S.L.;Depto. de Inform=C3=A1tica adr:;;C/ Bubierca, 6;Zaragoza;Zaragoza;50.013;Spain email;internet:[EMAIL PROTECTED] tel;work:976481481 tel;fax:976481482 x-mozilla-html:FALSE url:http://www.tecisa74.com version:2.1 end:vcard
