Differences

This shows you the differences between two versions of the page.

--- jvx:server:security:config_encrypt [2018/02/08 06:40]
admin created
+++ jvx:server:security:config_encrypt [2020/06/15 11:33] (current)
cduncan Edited for English grammar (capitalization, punctuation, correct verb conjugation)
@@ Line 1: / Line 1: @@
-~~Title: Encrypt configuration~~
+~~Title: Encrypt Configuration~~
+The [[jvx:common:setup:dbindependent_config|configuration of an application]] is usually separated from the source code and stored in the configuration file config.xml. The file is a standard XML file.
+If the database access data/credentials are set in clear text, both username and password can be read out. Although this has the advantage that a change of the file is possible at any time, it also has the disadvantage of the data being easily readable.
+To prevent readability, the XmlWorker supports transparent encryption. You can work with plain-text files without any care during the development phase and switch to encrypted mode when installing on the production system. You do not need to change your source code.
+To encrypt a configuration file, the following source code can be used:
+<file java>
+XmlWorker xmw = new XmlWorker();
+xmw.setAutomaticDecrypt(true);
+xmw.setEncrypted("/application/securitymanager", true);
+xmw.setEncrypted("/application/lifecycle", true);
+xmw.setEncrypted("/application/datasource", true);
+File fiConfig = new File(sFile);
+XmlNode xmn = xmw.read(fiConfig);
+xmw.write(fiConfig, xmn);
+</file>
+Simply set XML nodes to encrypt. All non-essential parts of the file can still remain in plain text and the important data is protected.
+==Example==
+A very easy-to-read configuration:
+<file xml config.xml>
+<?xml version="1.0" encoding="UTF-8"?>
+<application>
+  <securitymanager>
+    <class>com.sibvisions.rad.server.security.DBSecurityManager</class>
+    <database>
+      <driver>org.hsqldb.jdbcDriver</driver>
+      <url>jdbc:hsqldb:hsql://localhost/demodb;ifexists=true</url>
+      <username>sa</username>
+      <password></password>
+    </database>
+  </securitymanager>
+  <!-- optional database configuration -->
+  <databaseobjects>
+    <yesvalue>Y</yesvalue>
+    <NUSERS>TBL_USERS</NUSERS>
+    <NUSERS_CHANGE_PASSWORD>CHANGE_PASSWORD</NUSERS_CHANGE_PASSWORD>
+    <NUSERS_VALID_FROM>COL_VALID_FROM</NUSERS_VALID_FROM>
+    <NUSERS_VALID_TO>COL_VALID_TO</NUSERS_VALID_TO>
+    <NUSERS_ACTIVE>COL_ACTIVE</NUSERS_ACTIVE>
+  </databaseobjects>
+    <!-- predefined life-cycle object names -->
+  <lifecycle>
+    <mastersession>democopy.Session</mastersession>
+    <application>democopy.Application</application>
+  </lifecycle>
+</application>
+</file>
+And now protected:
+<file xml config.xml>
+<?xml version="1.0" encoding="UTF-8"?>
+<application>
+  <securitymanager encrypted="true">1f8b08000000000000005d90310ec2300c45774ec109e21d4206c4cac4099cc4b4416903765ae0f6244d111293fdfdfdac2f6b213771c8ef0147ec88cd66bbd52ea28871695012ec1c24a45114a357423c13ab2fa34ec7cbda9e1baea1b1f58ac78c1685aaa89243614de24ef5f288deaa9bb7eeb44c35ac6e5b9d389a6aeedae252760031398c7d920c9e86e4ed3e5ce91524cb21f3441a2ab61e2841471cc80896f15734ef5ef23d137b5842c22fa586ff5f7c00b0e53e381d010000</securitymanager>
+  <!-- optional database configuration -->
+  <databaseobjects>
+    <yesvalue>Y</yesvalue>
+    <NUSERS>TBL_USERS</NUSERS>
+    <NUSERS_CHANGE_PASSWORD>CHANGE_PASSWORD</NUSERS_CHANGE_PASSWORD>
+    <NUSERS_VALID_FROM>COL_VALID_FROM</NUSERS_VALID_FROM>
+    <NUSERS_VALID_TO>COL_VALID_TO</NUSERS_VALID_TO>
+    <NUSERS_ACTIVE>COL_ACTIVE</NUSERS_ACTIVE>
+  </databaseobjects>
+  <!-- predefined life-cycle object names -->
+  <lifecycle encrypted="true">1f8b0800000000000000b3c9c94c4b4dae4cce49b5e35250b0c94d2c2e492d2a4e2d2ececccfb34b49cdcd4fce2fa8d40b8608d8e8a3ca8374241614e464262796a0a8774408dae823abe0b2d1475808003864e6777c000000</lifecycle>
+</application>
+</file>