Is it possible to encode sqlMap.xml ?

Leo
2004-11-25
2013-04-11
  • Leo
    2004-11-25

    Hi All,
    For security we want to encode "sqlMap.xml",
    and decode it at runtime. How can I do it?

    eg, file: SqlMapConfig.xml
    <sqlMapConfig>
       ...
      <sqlMap resource="sqlMap.xml" />
    ...
    </sqlMapConfig>

    and the file "sqlMap.xml" would be encoded!

     
    • Kris Jenkins
      2004-11-25

      Stick it in a jar file!

      Or were you looking for a more cryptic encoding? ;-)

      Seriously, this is one of these tricky questions that keeps coming up.  If you encrypt the file, how are you protecting the decryption program/key?  Clinton had some useful things to say about this a while back: https://sourceforge.net/forum/message.php?msg_id=2471492

      But to answer your question directly, sqlmap doesn't support it, nor do I think it ever will do.  If you've read the above thread and it's still something you want to do, I'd start searching around for something that will encrypt/encode & decrypt/decode jar files at runtime...

      Kris

       
    • Leo
      2004-11-26

      I see. Thanks!
      I just want to protect the file in an easy way.
      For example, if the SQL commands are hard-coded in a Java source file and compiled to a class file, then they would not be easy for someone to view!
      I think if sqlmap could provide a filter interface when it loads the file, then I could write some code to implement it and decrypt/decode the file. I know it is not real protection, but doing it is better than doing nothing!

      Leo.

       
      • Clinton Begin
        2004-11-26

        >>  if SQL command hard code in java source file
        >> and compile it to class file, then it would be not
        >> easy to view by someone !

        Ever hear of JAD?

        http://members.fortunecity.com/neshkov/dj.html

        Install it, then double-click on a Java .class file.

        Within 5 minutes of downloading it, you'll see why compiled class files are no more secure than plain text.  Even obfuscated classes are easily picked apart by experienced crackers.

        Cheers,
        Clinton
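
The point made in the last reply, shown as an added example that is not part of the original thread: a string literal in Java source ends up as a readable CONSTANT_Utf8 entry in the .class file's constant pool, so a short parser recovers the SQL without a decompiler. The class bytes, the name `AccountDao` and the query are constructed sample data, and the helper names are hypothetical.

```python
import re
import struct

# Payload size after the tag byte for fixed-size constant-pool entries
# (JVM class-file format); CONSTANT_Utf8 (tag 1) is variable-length.
FIXED = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4,
         12: 4, 15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}
SQL = re.compile(r"^\s*(SELECT|INSERT|UPDATE|DELETE)\b", re.I)

def utf8_constants(class_bytes):
    """Return every CONSTANT_Utf8 string in the class file's constant pool."""
    magic, _minor, _major, count = struct.unpack_from(">IHHH", class_bytes, 0)
    if magic != 0xCAFEBABE:
        raise ValueError("not a Java class file")
    pos, index, found = 10, 1, []
    while index < count:
        tag = class_bytes[pos]
        pos += 1
        if tag == 1:  # u2 length, then that many bytes of (modified) UTF-8
            (length,) = struct.unpack_from(">H", class_bytes, pos)
            found.append(class_bytes[pos + 2:pos + 2 + length].decode("utf-8", "replace"))
            pos += 2 + length
        elif tag in FIXED:
            pos += FIXED[tag]
        else:
            raise ValueError(f"unknown constant-pool tag {tag}")
        index += 2 if tag in (5, 6) else 1  # Long/Double take two slots
    return found

def sql_literals(class_bytes):
    """Constant-pool strings that look like SQL statements."""
    return [s for s in utf8_constants(class_bytes) if SQL.match(s)]

def _utf8(text):
    raw = text.encode("utf-8")
    return b"\x01" + struct.pack(">H", len(raw)) + raw

def build_sample():
    """Constructed header and constant pool of a class with SQL in a literal."""
    pool = [_utf8("AccountDao"),                   # #1
            b"\x07" + struct.pack(">H", 1),        # #2 Class -> #1
            b"\x05" + struct.pack(">q", 42),       # #3-#4 Long
            _utf8("SELECT id, name FROM account WHERE id = ?"),  # #5
            b"\x08" + struct.pack(">H", 5)]        # #6 String -> #5
    return struct.pack(">IHHH", 0xCAFEBABE, 0, 48, 7) + b"".join(pool)

if __name__ == "__main__":
    print(sql_literals(build_sample()))
```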