Thanks for the clarification. Now that we know what we're after, I wonder how hard it would be to simply serialize the DOM of the XML structure. That would give you a binary file. Then, with some simple obfuscation (ROT-13) on the text, you'd have a fairly jumbled file that would have Doofy scratching his head.
Now, we could use a keyed algorithm (AES), but then we're back to the key chain. One approach I've used in the past was to force the administrator to enter a password on startup. That way the key doesn't have to be kept on the server at all. None of this has to be done by iBATIS, it would be relatively simple to create a stream filter for such binary/obfuscated/encrypted files. Cheers, Clinton On Wed, 12 Jan 2005 16:36:37 +0100, Pablo Lopez <[EMAIL PROTECTED]> wrote: > Hi, > > First of all, thanks Alexey and Clinton for your quick responses :) > > Clinton: > > Don't know why you've taken my question so seriously... I'm not talking > about an NSA security product; I think I didn't even mention the word > cryptography, and I've read -among quite a lot of other books- 'Secrets > and Lies' from Bruce Schneier, so I'm quite aware of what security is > and what can and cannot be achieved, especially in such a small > application like the one we're planning to do, with no security experts > at all among our staff. > > Maybe my words were not elegant or precise enough, and I'm sorry about > that cause I agree with you in what you've said about security, so to > make it really clear, the only thing I was just asking for was a little > help in "hiding" the username and password from, yes, call him "special > agent Doofy". > > This is what 95% of non-opensource applications do by embedding the > connection string in the code and then just giving the binaries, being > the program in charge of granting/denying access to the pieces accesing > the database depending on who has logged on. > > Of course this is quite a stupid approach, but seems enough to keep > "Doofy" out of connecting directly to the database and messing around, > which is basically what we want to achieve. > > Maybe I have to investigate Alexey's solution a little further... I > thought the connection string could only be stored in sqlmap.config or > database.providers files -I'm a newbie to iBatis, remember that :)- but > if there are other not so obvious ways (for example by using some method > in the API that I don't know) I guess that would be enough. > > Thanks a lot again :) > > Pablo. > > >
