From: fredt <fr...@us...> - 2002-11-03 00:09:17
|
Strings in CACHED tables can be read as they are encoded in UTF-8. You should be able to remedy the perceived lack of security by encoding the lines that are written to the *.script file and later read from it by modifying two methods of StringConverter.java (UnicodeToAscii and AsciiToUnicode). Just avoid using non ascii and control characters in the encoded form. BASE64 is a suitable example. I offered a similar tip a while back to someone who asked the same question in the Help forum. It is always worth doing a search on both this list's archives and the forums. Fred Toussi ______________ Geoff Beaumont wrote: This may be a 'simple can't be done', but on the off chance that there is a way of doing this... Is there any way of setting the system tables to be cached, so that the information contained in the database.script file is stored in a non human readable format? I'm aware that this doesn't significantly increase the security of the system - the two issues from my point of view are: - the ability of the user to edit the database.script file, almost certainly breaking the system the database is part of. - the potential for users to conclude that the system is insecure because the passwords are stored in plain text (why, incidentally?) A word in explanation - I'm using HSQLDB as an embedded database in a Java application - the database files are stored on the users machine, and necessarily have full read/write permissions for the user. Without having actually looked at the source code, I'm thinking that it would be reasonably easy to add a one way hash to the password handling methods, possibly to the username too (although that's probably of no real benefit). Would there be any catches if I did this? Obscuring the database structure strikes me as considerably more complex, unless there's an easy way to do this that I'm missing. Hmm, that probably qualifies as a statement of the bleeding obvious... |