Differences

This shows you the differences between two versions of the page.

--- jvx:server:security:config_encrypt [2018/02/08 06:40]
admin created
+++ jvx:server:security:config_encrypt [2018/02/08 06:46]
admin
@@ Line 1: / Line 1: @@
 ~~Title: Encrypt configuration~~
+The [[jvx:common:setup:dbindependent_config|configuration of an application]] is usually separated from the source code and stored in the configuration file config.xml. The file is a standard XML file.
+If the database access data/credentials are set in clear-text, both username and password can be read out. Although this has the advantage that a change of the file is possible at any time, but also the disadvantage that the data are easily readable.
+To prevent readability, the XmlWorker supports transparent encryption. You can work with plain text files without any care during the development phase, and switch to encrypted mode when installing on the production system. You do not need to change your source code.
+To encrypt a configuration file the following source code can be used:
+<file java>
+XmlWorker xmw = new XmlWorker();
+xmw.setAutomaticDecrypt(true);
+xmw.setEncrypted("/application/securitymanager", true);
+xmw.setEncrypted("/application/lifecycle", true);
+xmw.setEncrypted("/application/datasource", true);
+File fiConfig = new File(sFile);
+XmlNode xmn = xmw.read(fiConfig);
+xmw.write(fiConfig, xmn);
+</file>
+Simply set XML nodes to encrypt. All non-essential parts of the file can still remain in plain text and the important data is protected.
+==Example==
+A very easy-to-read configuration:
+<file xml config.xml>
+<?xml version="1.0" encoding="UTF-8"?>
+<application>
+  <securitymanager>
+    <class>com.sibvisions.rad.server.security.DBSecurityManager</class>
+    <database>
+      <driver>org.hsqldb.jdbcDriver</driver>
+      <url>jdbc:hsqldb:hsql://localhost/demodb;ifexists=true</url>
+      <username>sa</username>
+      <password></password>
+    </database>
+  </securitymanager>
+  <!-- optional database configuration -->
+  <databaseobjects>
+    <yesvalue>Y</yesvalue>
+    <NUSERS>TBL_USERS</NUSERS>
+    <NUSERS_CHANGE_PASSWORD>CHANGE_PASSWORD</NUSERS_CHANGE_PASSWORD>
+    <NUSERS_VALID_FROM>COL_VALID_FROM</NUSERS_VALID_FROM>
+    <NUSERS_VALID_TO>COL_VALID_TO</NUSERS_VALID_TO>
+    <NUSERS_ACTIVE>COL_ACTIVE</NUSERS_ACTIVE>
+  </databaseobjects>
+    <!-- predefined life-cycle object names -->
+  <lifecycle>
+    <mastersession>democopy.Session</mastersession>
+    <application>democopy.Application</application>
+  </lifecycle>
+</application>
+</file>
+And now protected:
+<file xml config.xml>
+<?xml version="1.0" encoding="UTF-8"?>
+<application>
+  <securitymanager encrypted="true">1f8b08000000000000005d90310ec2300c45774ec109e21d4206c4cac4099cc4b4416903765ae0f6244d111293fdfdfdac2f6b213771c8ef0147ec88cd66bbd52ea28871695012ec1c24a45114a357423c13ab2fa34ec7cbda9e1baea1b1f58ac78c1685aaa89243614de24ef5f288deaa9bb7eeb44c35ac6e5b9d389a6aeedae252760031398c7d920c9e86e4ed3e5ce91524cb21f3441a2ab61e2841471cc80896f15734ef5ef23d137b5842c22fa586ff5f7c00b0e53e381d010000</securitymanager>
+  <!-- optional database configuration -->
+  <databaseobjects>
+    <yesvalue>Y</yesvalue>
+    <NUSERS>TBL_USERS</NUSERS>
+    <NUSERS_CHANGE_PASSWORD>CHANGE_PASSWORD</NUSERS_CHANGE_PASSWORD>
+    <NUSERS_VALID_FROM>COL_VALID_FROM</NUSERS_VALID_FROM>
+    <NUSERS_VALID_TO>COL_VALID_TO</NUSERS_VALID_TO>
+    <NUSERS_ACTIVE>COL_ACTIVE</NUSERS_ACTIVE>
+  </databaseobjects>
+  <!-- predefined life-cycle object names -->
+  <lifecycle encrypted="true">1f8b0800000000000000b3c9c94c4b4dae4cce49b5e35250b0c94d2c2e492d2a4e2d2ececccfb34b49cdcd4fce2fa8d40b8608d8e8a3ca8374241614e464262796a0a8774408dae823abe0b2d1475808003864e6777c000000</lifecycle>
+</application>
+</file>