Trace: • Encrypt Configuration
This is an old revision of the document!
The configuration of an application is usually separated from the source code and stored in the configuration file config.xml. The file is a standard XML file.
If the database access data/credentials are set in clear-text, both username and password can be read out. Although this has the advantage that a change of the file is possible at any time, but also the disadvantage that the data are easily readable.
To prevent readability, the XmlWorker supports transparent encryption. You can work with plain text files without any care during the development phase, and switch to encrypted mode when installing on the production system. You do not need to change your source code.
To encrypt a configuration file the following source code can be used:
XmlWorker xmw = new XmlWorker(); xmw.setAutomaticDecrypt(true); xmw.setEncrypted("/application/securitymanager", true); xmw.setEncrypted("/application/lifecycle", true); xmw.setEncrypted("/application/datasource", true); File fiConfig = new File(sFile); XmlNode xmn = xmw.read(fiConfig); xmw.write(fiConfig, xmn);
Simply set XML nodes to encrypt. All non-essential parts of the file can still remain in plain text and the important data is protected.
Example
A very easy-to-read configuration:
- config.xml
<?xml version="1.0" encoding="UTF-8"?> <application> <securitymanager> <class>com.sibvisions.rad.server.security.DBSecurityManager</class> <database> <driver>org.hsqldb.jdbcDriver</driver> <url>jdbc:hsqldb:hsql://localhost/demodb;ifexists=true</url> <username>sa</username> <password></password> </database> </securitymanager> <!-- optional database configuration --> <databaseobjects> <yesvalue>Y</yesvalue> <NUSERS>TBL_USERS</NUSERS> <NUSERS_CHANGE_PASSWORD>CHANGE_PASSWORD</NUSERS_CHANGE_PASSWORD> <NUSERS_VALID_FROM>COL_VALID_FROM</NUSERS_VALID_FROM> <NUSERS_VALID_TO>COL_VALID_TO</NUSERS_VALID_TO> <NUSERS_ACTIVE>COL_ACTIVE</NUSERS_ACTIVE> </databaseobjects> <!-- predefined life-cycle object names --> <lifecycle> <mastersession>democopy.Session</mastersession> <application>democopy.Application</application> </lifecycle> </application>
And now protected:
- config.xml
<?xml version="1.0" encoding="UTF-8"?> <application> <securitymanager encrypted="true">1f8b08000000000000005d90310ec2300c45774ec109e21d4206c4cac4099cc4b4416903765ae0f6244d111293fdfdfdac2f6b213771c8ef0147ec88cd66bbd52ea28871695012ec1c24a45114a357423c13ab2fa34ec7cbda9e1baea1b1f58ac78c1685aaa89243614de24ef5f288deaa9bb7eeb44c35ac6e5b9d389a6aeedae252760031398c7d920c9e86e4ed3e5ce91524cb21f3441a2ab61e2841471cc80896f15734ef5ef23d137b5842c22fa586ff5f7c00b0e53e381d010000</securitymanager> <!-- optional database configuration --> <databaseobjects> <yesvalue>Y</yesvalue> <NUSERS>TBL_USERS</NUSERS> <NUSERS_CHANGE_PASSWORD>CHANGE_PASSWORD</NUSERS_CHANGE_PASSWORD> <NUSERS_VALID_FROM>COL_VALID_FROM</NUSERS_VALID_FROM> <NUSERS_VALID_TO>COL_VALID_TO</NUSERS_VALID_TO> <NUSERS_ACTIVE>COL_ACTIVE</NUSERS_ACTIVE> </databaseobjects> <!-- predefined life-cycle object names --> <lifecycle encrypted="true">1f8b0800000000000000b3c9c94c4b4dae4cce49b5e35250b0c94d2c2e492d2a4e2d2ececccfb34b49cdcd4fce2fa8d40b8608d8e8a3ca8374241614e464262796a0a8774408dae823abe0b2d1475808003864e6777c000000</lifecycle> </application>