Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 469
  • Last Modified:

Encrypt XSL

Hi,

I'm looking for a solution to protect the xsl from our outsite vendors from seeing it. I'm creating a Java desktop application to do the transform works.

Is there a secure way to encrypt the xsl? I think the XSL can be compiled into a class. I wonder how secure it could be if somebody try to reverse engineer it to get to the source (or close to the original source).

I hope the experts in this field can provide some valuable insight.

I'm open to other suggestion as well. Thank you!

OwonSeed

0
owonseed
Asked:
owonseed
2 Solutions
 
jkmyoungCommented:
First thing that comes to mind is: Saxon 8 allows you to precompile stylesheets, making it not easily human readable. Also speeds up the process if you use the same xsl many times.
http://www.saxonica.com/documentation/using-xsl/compiling.html

Alternatively, you could encrypt all your xsl files, and decrypt them in your java application before running the transformations.
0
 
owonseedAuthor Commented:
Saxon has limitation on the XSL compilation:

"Stylesheet compilation is not currently supported for schema-aware stylesheets, specifically, for stylesheets that contain an <xsl:import-schema> declaration."

This unfortunately does not allow me to use the Saxon XSL Compilation.

If I encrypt the XSL using java, and decrypt it when I need it, would the decrypted XSL be stored as memory or physical file in local temp folder? My concern is whether a user can look for the decrypted XSL file from the local file system.

- OwonSeed
0
 
Geert BormansCommented:
Hi owonseed,

unless you have a schema aware stylesheet (if you do you are basically bound to Saxon)
xsltc would be the first that comes to my mind
(this is java bytecode generated by xalan)
http://xml.apache.org/xalan-j/xsltc_usage.html

Cheers!
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now