|
Uses obfuscation or encryption to hide the contents of configuration files and initialization files.
dbfhide [ options ] original-configuration-file encrypted-configuration-file| Option | Description |
|---|---|
| @data | Reads options from the specified environment variable or configuration file. |
| -q | Runs in quiet mode--messages are not displayed. |
| -w | Encodes the file for use by the current user on this computer only. The encoded file cannot be used by any other user on this computer, nor can it be used on any other computer. |
| -wm | Encodes the file for use by any user on this computer only. The encoded file cannot be used on any other computer. |
| original-configuration-file | Specifies the name of the original unencoded file. |
| encrypted-configuration-file | Specifies the name for the new encoded file. |
None.
Some utilities use configuration files to hold command-line options.
By default, dbfhide uses simple obfuscation on the specified file. Simple obfuscation is intended only to keep data hidden in the event of casual direct access of the configuration file, to make it more difficult but not impossible for someone to decipher the contents of the configuration file.
On Microsoft Windows, the -w and -wm options use the Microsoft Cryptography API and the integrated Microsoft key store for strong encryption. The API links an encryption key to a specific user and computer (-w) or a specific computer (-wm).
On Unix, the -w and -wm options use an obfuscation algorithm that is not secure.
When you specify the -w or -wm options, the file must be encoded on the target computer (for example, during a client software install). A file encoded on computer A with one of these options is not usable on computer B. If neither of the -w and -wm options is used, then the obfuscated file can be used on any computer.
It is recommended that passwords never be stored in a configuration file. Storing a password in a configuration file poses a security risk. If both user ID and password are discovered, then anyone with access to the database server can authenticate with that user ID and password. The contents of an encoded configuration file are secure only on Microsoft Windows when the -w or -wm option is used. The contents of an encoded configuration file are not secure on Linux, Mac OS X, and other systems. Therefore, a configuration file should be secured with appropriate operating system permissions.
You cannot modify the contents of an encoded file using a text editor, and you cannot simply decode a file that has been encoded. Therefore you must preserve the original plain text file for future reference. To make changes to an encoded file, you must edit the original plain text file and then use it to recreate the encoded file.
Create a configuration file that names the database server Elora, sets the cache to 10 MB, and starts the sample database. The configuration file would be written as follows:
# Configuration file for server Elora -n Elora -c 10M "C:\Users\Public\Documents\SQL Anywhere 17\Samples\demo.db"
Lines beginning with # are treated as comments.
Name the file sample.txt. To start the sample database using this configuration file, enter:
dbsrv17 @sample.txtNow, encode the configuration file.
dbfhide sample.txt sample.enc
Use the sample.enc file to start the sample database.
dbsrv17 @sample.encEncode the configuration file using options set in a Windows environment variable.
set hideopts=-q -wm dbfhide @hideopts sample.txt sample.enc