~~Title: Encrypt Configuration~~
The [[jvx:common:setup:dbindependent_config|configuration of an application]] is usually separated from the source code and stored in the configuration file config.xml. The file is a standard XML file.
If the database access data/credentials are set in clear text, both username and password can be read out. Although this has the advantage that a change of the file is possible at any time, it also has the disadvantage of the data being easily readable.
To prevent readability, the XmlWorker supports transparent encryption. You can work with plain-text files without any care during the development phase and switch to encrypted mode when installing on the production system. You do not need to change your source code.
To encrypt a configuration file, the following source code can be used:
XmlWorker xmw = new XmlWorker();
xmw.setAutomaticDecrypt(true);
xmw.setEncrypted("/application/securitymanager", true);
xmw.setEncrypted("/application/lifecycle", true);
xmw.setEncrypted("/application/datasource", true);
File fiConfig = new File(sFile);
XmlNode xmn = xmw.read(fiConfig);
xmw.write(fiConfig, xmn);
Simply set XML nodes to encrypt. All non-essential parts of the file can still remain in plain text and the important data is protected.
==Example==
A very easy-to-read configuration:
com.sibvisions.rad.server.security.DBSecurityManager
org.hsqldb.jdbcDriver
jdbc:hsqldb:hsql://localhost/demodb;ifexists=true
sa
Y
TBL_USERS
CHANGE_PASSWORD
COL_VALID_FROM
COL_VALID_TO
COL_ACTIVE
democopy.Session
democopy.Application
And now protected:
1f8b08000000000000005d90310ec2300c45774ec109e21d4206c4cac4099cc4b4416903765ae0f6244d111293fdfdfdac2f6b213771c8ef0147ec88cd66bbd52ea28871695012ec1c24a45114a357423c13ab2fa34ec7cbda9e1baea1b1f58ac78c1685aaa89243614de24ef5f288deaa9bb7eeb44c35ac6e5b9d389a6aeedae252760031398c7d920c9e86e4ed3e5ce91524cb21f3441a2ab61e2841471cc80896f15734ef5ef23d137b5842c22fa586ff5f7c00b0e53e381d010000
Y
TBL_USERS
CHANGE_PASSWORD
COL_VALID_FROM
COL_VALID_TO
COL_ACTIVE
1f8b0800000000000000b3c9c94c4b4dae4cce49b5e35250b0c94d2c2e492d2a4e2d2ececccfb34b49cdcd4fce2fa8d40b8608d8e8a3ca8374241614e464262796a0a8774408dae823abe0b2d1475808003864e6777c000000