Re: AW: How to protect a Cocoon project
Jorg Heymans wrote: have look at the wiki (or google because the wiki seems to be down for the moment) I was doing some housekeeping this morning, but now it should be running smoothly again sorry for the annoyance! -- Steven Noelshttp://outerthought.org/ Outerthought - Open Source Java & XMLAn Orixo Member Read my weblog athttp://blogs.cocoondev.org/stevenn/ stevenn at outerthought.orgstevenn at apache.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: AW: How to protect a Cocoon project
sun's page for xsltc compiler http://wwws.sun.com/software/xml/developers/xsltc/ On Wed, 22 Oct 2003, Jorg Heymans wrote: > have look at the wiki (or google because the wiki seems to be down for > the moment) for xsltc, a stylesheet compiler. > > wiki.cocoondev.org > > > Derek Hohls wrote: > > > Jorg > > > > Are there guidelines for how to do the precompiling > > of XSL *and* XSP? > > > > Thanks > > Derek > > > > >>> [EMAIL PROTECTED] 22/10/2003 10:34:15 >>> > > you can precompile the stylesheets to classes so at least it's not > > plaintext anymore. Ultimately that's what cocoon does. > > Put your XML into a database or something. > > I don't know how you would go on about masking the sitemap. > > > > jorg > > > > Jφrn Heid wrote: > > > > >It's about a demo (with an installer). > > >I can't say: Before you install, please create a new user and forget the > > >password of him :) > > > > > >-Ursprόngliche Nachricht- > > >Von: news [_ mailto:[EMAIL PROTECTED] > > <mailto:[EMAIL PROTECTED]>_ Im Auftrag von Olivier Billard > > >Gesendet: Mittwoch, 22. Oktober 2003 09:54 > > >An: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>_ > > >Betreff: Re: How to protect a Cocoon project > > > > > > > > >Hi Joern, > > > > > >Isn't it the goal of filesystems, to protect file from beeing read by > > non > > >authorized > > >persons ? It's possible with WinNT, 2000, XP, and of course Unix-like > > OSes. > > >Just give the right rights to the right persons ;) > > > > > >-- > > >Olivier BILLARD > > > > > > > > >On 22/10/2003 09:47, Jφrn Heid wrote: > > > > > > > > >>Hello. > > >> > > >>I want to give my customer a demo of my Cocoon based application which > > >>runs with Jetty on their local machine. But the problem is everybody > > >>can see the internals of the app. All the pipelines in sitemap.xmap, > > >>all XSL and XML. It can be used to find backdoors in the sitemap for > > >>example. > > >> > > >>So the question is, how to protect files from being read directly. > > >> > > >>A solution would probably be to encrypt (for example via XOR) all the > > >>files. After that, Cocoon (Jetty) has to be started with modified > > >>Java-IO classes (via bootclasspath). > > >> > > >>Does anybody know which classes have to be changed or if there's > > >>somebody who has done something like that... > > >> > > >> > > >>JOERN_HEID > > >> > > >> > > > > > > > > > > > >- > > >To unsubscribe, e-mail: [EMAIL PROTECTED] > > <mailto:[EMAIL PROTECTED]>_ > > >For additional commands, e-mail: [EMAIL PROTECTED] > > <mailto:[EMAIL PROTECTED]>_ > > > > > > > > >- > > >To unsubscribe, e-mail: [EMAIL PROTECTED] > > <mailto:[EMAIL PROTECTED]>_ > > >For additional commands, e-mail: [EMAIL PROTECTED] > > <mailto:[EMAIL PROTECTED]>_ > > > > > > > > > > > > > > > > > > - > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > <mailto:[EMAIL PROTECTED]>_ > > For additional commands, e-mail: [EMAIL PROTECTED] > > <mailto:[EMAIL PROTECTED]>_ > > > > > > -- > > This message has been scanned for viruses and > > dangerous content by *MailScanner* <http://www.mailscanner.info/>, and is > > believed to be clean. > > Mailscanner thanks transtec Computers <http://www.transtec.co.uk/> for > > their support. > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: AW: How to protect a Cocoon project
Sorry I didn't read good your mail :) My eyes are not well opened this morning ;) But Alexander is right : that's your job to ensure there is no backdoor... On 22/10/2003 10:10, Jörn Heid wrote: It's about a demo (with an installer). I can't say: Before you install, please create a new user and forget the password of him :) -Ursprüngliche Nachricht- Von: news [mailto:[EMAIL PROTECTED] Im Auftrag von Olivier Billard Gesendet: Mittwoch, 22. Oktober 2003 09:54 An: [EMAIL PROTECTED] Betreff: Re: How to protect a Cocoon project Hi Joern, Isn't it the goal of filesystems, to protect file from beeing read by non authorized persons ? It's possible with WinNT, 2000, XP, and of course Unix-like OSes. Just give the right rights to the right persons ;) -- Olivier BILLARD On 22/10/2003 09:47, Jörn Heid wrote: Hello. I want to give my customer a demo of my Cocoon based application which runs with Jetty on their local machine. But the problem is everybody can see the internals of the app. All the pipelines in sitemap.xmap, all XSL and XML. It can be used to find backdoors in the sitemap for example. So the question is, how to protect files from being read directly. A solution would probably be to encrypt (for example via XOR) all the files. After that, Cocoon (Jetty) has to be started with modified Java-IO classes (via bootclasspath). Does anybody know which classes have to be changed or if there's somebody who has done something like that... JOERN_HEID - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: AW: How to protect a Cocoon project
have look at the wiki (or google because the wiki seems to be down for the moment) for xsltc, a stylesheet compiler. wiki.cocoondev.org Derek Hohls wrote: Jorg Are there guidelines for how to do the precompiling of XSL *and* XSP? Thanks Derek >>> [EMAIL PROTECTED] 22/10/2003 10:34:15 >>> you can precompile the stylesheets to classes so at least it's not plaintext anymore. Ultimately that's what cocoon does. Put your XML into a database or something. I don't know how you would go on about masking the sitemap. jorg Jörn Heid wrote: >It's about a demo (with an installer). >I can't say: Before you install, please create a new user and forget the >password of him :) > >-Ursprüngliche Nachricht- >Von: news [_ mailto:[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>_ Im Auftrag von Olivier Billard >Gesendet: Mittwoch, 22. Oktober 2003 09:54 >An: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>_ >Betreff: Re: How to protect a Cocoon project > > >Hi Joern, > >Isn't it the goal of filesystems, to protect file from beeing read by non >authorized >persons ? It's possible with WinNT, 2000, XP, and of course Unix-like OSes. >Just give the right rights to the right persons ;) > >-- >Olivier BILLARD > > >On 22/10/2003 09:47, Jörn Heid wrote: > > >>Hello. >> >>I want to give my customer a demo of my Cocoon based application which >>runs with Jetty on their local machine. But the problem is everybody >>can see the internals of the app. All the pipelines in sitemap.xmap, >>all XSL and XML. It can be used to find backdoors in the sitemap for >>example. >> >>So the question is, how to protect files from being read directly. >> >>A solution would probably be to encrypt (for example via XOR) all the >>files. After that, Cocoon (Jetty) has to be started with modified >>Java-IO classes (via bootclasspath). >> >>Does anybody know which classes have to be changed or if there's >>somebody who has done something like that... >> >> >>JOERN_HEID >> >> > > > >- >To unsubscribe, e-mail: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>_ >For additional commands, e-mail: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>_ > > >- >To unsubscribe, e-mail: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>_ >For additional commands, e-mail: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>_ > > > > - To unsubscribe, e-mail: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>_ For additional commands, e-mail: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>_ -- This message has been scanned for viruses and dangerous content by *MailScanner* <http://www.mailscanner.info/>, and is believed to be clean. Mailscanner thanks transtec Computers <http://www.transtec.co.uk/> for their support. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to protect a Cocoon project
on Wed, 22 Oct 2003 09:53:37 +0200 Olivier Billard <[EMAIL PROTECTED]> wrote: > Hi Joern, > > Isn't it the goal of filesystems, to protect file from beeing read by > non authorized persons ? It's possible with WinNT, 2000, XP, and of > course Unix-like OSes. Just give the right rights to the right persons > ;) It's not a solution, when u send a demo say, on a CD, client may do with it what he wants. Maybe hiding backdoors isn't good example, just say jou don't want to give the source. To Jörn: Maybe solution is to obfuscate compiled sitemaps. Assuming (I didn't check) cocoon compares only mtime of source and compiled sitemap, you can remove content of source and set its mtime to older than compiled sitemap (or to the value before the truncation). As about static files, there is storeJanitor wich may help a bit (a small one :). If cocoon can read files, user can too, it's just matter of time, cost and knowledge. On the other hand cocoon shouldn't force people to write only opensource. Obfuscating/xoring/rot13ing files should be in most cases enough, at least until your app becomes so popular that people could simply ask on usenet how to read your 'crypted' files. This of course needs modyfying cocoon but it's worth if u want to make money on not OS cocoon apps. And remember: information wants to be free :) Regards, Rufio -- nmap -sS -O -p80,81 www.microsoft.com [..] Running: Linux 2.5.X OS details: Linux Kernel 2.4.18 - 2.5.70 (X86) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: AW: How to protect a Cocoon project
Jorg Are there guidelines for how to do the precompiling of XSL *and* XSP? Thanks Derek>>> [EMAIL PROTECTED] 22/10/2003 10:34:15 >>> you can precompile the stylesheets to classes so at least it's not plaintext anymore. Ultimately that's what cocoon does. Put your XML into a database or something. I don't know how you would go on about masking the sitemap. jorg Jörn Heid wrote: >It's about a demo (with an installer). >I can't say: Before you install, please create a new user and forget the >password of him :) > >-Ursprüngliche Nachricht- >Von: news [ mailto:[EMAIL PROTECTED] Im Auftrag von Olivier Billard >Gesendet: Mittwoch, 22. Oktober 2003 09:54 >An: [EMAIL PROTECTED] >Betreff: Re: How to protect a Cocoon project > > >Hi Joern, > >Isn't it the goal of filesystems, to protect file from beeing read by non >authorized >persons ? It's possible with WinNT, 2000, XP, and of course Unix-like OSes. >Just give the right rights to the right persons ;) > >-- >Olivier BILLARD > > >On 22/10/2003 09:47, Jörn Heid wrote: > > >>Hello. >> >>I want to give my customer a demo of my Cocoon based application which >>runs with Jetty on their local machine. But the problem is everybody >>can see the internals of the app. All the pipelines in sitemap.xmap, >>all XSL and XML. It can be used to find backdoors in the sitemap for >>example. >> >>So the question is, how to protect files from being read directly. >> >>A solution would probably be to encrypt (for example via XOR) all the >>files. After that, Cocoon (Jetty) has to be started with modified >>Java-IO classes (via bootclasspath). >> >>Does anybody know which classes have to be changed or if there's >>somebody who has done something like that... >> >> >>JOERN_HEID >> >> > > > >- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] > > >- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] > > > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. Mailscanner thanks transtec Computers for their support.
Re: AW: How to protect a Cocoon project
you can precompile the stylesheets to classes so at least it's not plaintext anymore. Ultimately that's what cocoon does. Put your XML into a database or something. I don't know how you would go on about masking the sitemap. jorg Jörn Heid wrote: It's about a demo (with an installer). I can't say: Before you install, please create a new user and forget the password of him :) -Ursprüngliche Nachricht- Von: news [mailto:[EMAIL PROTECTED] Im Auftrag von Olivier Billard Gesendet: Mittwoch, 22. Oktober 2003 09:54 An: [EMAIL PROTECTED] Betreff: Re: How to protect a Cocoon project Hi Joern, Isn't it the goal of filesystems, to protect file from beeing read by non authorized persons ? It's possible with WinNT, 2000, XP, and of course Unix-like OSes. Just give the right rights to the right persons ;) -- Olivier BILLARD On 22/10/2003 09:47, Jörn Heid wrote: Hello. I want to give my customer a demo of my Cocoon based application which runs with Jetty on their local machine. But the problem is everybody can see the internals of the app. All the pipelines in sitemap.xmap, all XSL and XML. It can be used to find backdoors in the sitemap for example. So the question is, how to protect files from being read directly. A solution would probably be to encrypt (for example via XOR) all the files. After that, Cocoon (Jetty) has to be started with modified Java-IO classes (via bootclasspath). Does anybody know which classes have to be changed or if there's somebody who has done something like that... JOERN_HEID - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to protect a Cocoon project
Jörn Heid wrote: Hello. I want to give my customer a demo of my Cocoon based application which runs with Jetty on their local machine. But the problem is everybody can see the internals of the app. All the pipelines in sitemap.xmap, all XSL and XML. It can be used to find backdoors in the sitemap for example. So the question is, how to protect files from being read directly. two thoughts: (1) security by obscurity does not work, this is well known: so if they could detect back-doors in your sitemap something is wrong anyway and you have to modify it (2) if you just want to protect your knowledge and methodology, then this is another discussions: why not put this application online with a password protection; then they can test it online without the need to install it. or if it is really "big stuff", then you could think of making a linux CD that boots from CD/DVD like Knoppix with all your stuff pre-installed, but *without* an open root password as Knoppix has it. then they enter the CD boot from it and thats it. Alex - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
AW: How to protect a Cocoon project
It's about a demo (with an installer). I can't say: Before you install, please create a new user and forget the password of him :) -Ursprüngliche Nachricht- Von: news [mailto:[EMAIL PROTECTED] Im Auftrag von Olivier Billard Gesendet: Mittwoch, 22. Oktober 2003 09:54 An: [EMAIL PROTECTED] Betreff: Re: How to protect a Cocoon project Hi Joern, Isn't it the goal of filesystems, to protect file from beeing read by non authorized persons ? It's possible with WinNT, 2000, XP, and of course Unix-like OSes. Just give the right rights to the right persons ;) -- Olivier BILLARD On 22/10/2003 09:47, Jörn Heid wrote: > Hello. > > I want to give my customer a demo of my Cocoon based application which > runs with Jetty on their local machine. But the problem is everybody > can see the internals of the app. All the pipelines in sitemap.xmap, > all XSL and XML. It can be used to find backdoors in the sitemap for > example. > > So the question is, how to protect files from being read directly. > > A solution would probably be to encrypt (for example via XOR) all the > files. After that, Cocoon (Jetty) has to be started with modified > Java-IO classes (via bootclasspath). > > Does anybody know which classes have to be changed or if there's > somebody who has done something like that... > > > JOERN_HEID - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to protect a Cocoon project
Hi Joern, Isn't it the goal of filesystems, to protect file from beeing read by non authorized persons ? It's possible with WinNT, 2000, XP, and of course Unix-like OSes. Just give the right rights to the right persons ;) -- Olivier BILLARD On 22/10/2003 09:47, Jörn Heid wrote: Hello. I want to give my customer a demo of my Cocoon based application which runs with Jetty on their local machine. But the problem is everybody can see the internals of the app. All the pipelines in sitemap.xmap, all XSL and XML. It can be used to find backdoors in the sitemap for example. So the question is, how to protect files from being read directly. A solution would probably be to encrypt (for example via XOR) all the files. After that, Cocoon (Jetty) has to be started with modified Java-IO classes (via bootclasspath). Does anybody know which classes have to be changed or if there's somebody who has done something like that... JOERN_HEID - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
How to protect a Cocoon project
Hello. I want to give my customer a demo of my Cocoon based application which runs with Jetty on their local machine. But the problem is everybody can see the internals of the app. All the pipelines in sitemap.xmap, all XSL and XML. It can be used to find backdoors in the sitemap for example. So the question is, how to protect files from being read directly. A solution would probably be to encrypt (for example via XOR) all the files. After that, Cocoon (Jetty) has to be started with modified Java-IO classes (via bootclasspath). Does anybody know which classes have to be changed or if there's somebody who has done something like that... JOERN_HEID - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
