For security we want to enode "sqlMap.xml",
and decode it at runtime. How can i to do it ?
eg, file: SqlMapConfig.xml
<sqlMap resource="sqlMap.xml" />
and the file: "sqlMap.xml" be encoded !
Stick it in a jar file!
Or were you looking for a more cryptic encoding? ;-)
Seriously, this is one of these tricky questions that keeps coming up. If you encrypt the file, how are you protecting the decryption program/key? Clinton had some useful things to say about this a while back: https://sourceforge.net/forum/message.php?msg_id=2471492
But to answer your question directly, sqlmap doesn't support it, nor do I think it ever will do. If you've read the above thread and it's still something you want to do, I'd start searching around for something that will encrypt/encode & decrypt/decode jar files at runtime...
I see. Thanks !
I just want to proteced file in a easy way.
For example, if SQL command hard code in java source file and complie it to class file, then it would be not easy to view by someone !
I think if sqlmap could provide filter interface when it load file, than I could write some code to implement it and decrypt/decode file. I know it is not real protected but do it better than do nothing !
>> if SQL command hard code in java source file
>> and complie it to class file, then it would be not
>> easy to view by someone !
Ever hear of JAD?
Install it, then double-click on a Java .class file.
Within 5 minutes of downloading it, you'll see why compiled class files are no more secure than plain text. Even obfuscated classes are easily picked apart by experienced crackers.