Hi Freeman, yes. This should be an option and disabled by default. I am thinking about introducing a system property org.apache.cxf.io.CachedOutputStream.something to set the cipher transformation name to enable this option.
regards, aki

2012/10/18 Freeman Fang <[email protected]>:
> Hi Aki,
>
> Basically I'm +1 for this good idea. Just a little bit of concern about the
> performance impact.
> Could we add a flag to enable this encryption behavior? By default the value
> is false, so we keep the same behavior as is, and users can explicitly enable it if
> they need a more secure runtime.
>
> My 2 cents.
> Best Regards
> Freeman
> -------------
> Freeman(Yue) Fang
>
> Red Hat, Inc.
> FuseSource is now part of Red Hat
> Web: http://fusesource.com | http://www.redhat.com/
> Twitter: freemanfang
> Blog: http://freemanfang.blogspot.com
> http://blog.sina.com.cn/u/1473905042
> weibo: http://weibo.com/u/1473905042
>
> On 2012-10-18, at 8:31 PM, Aki Yoshida wrote:
>
>> Hi,
>> There is a concern that these temporary files are written out to the
>> file system without any protection. And I was wondering if we can add
>> an option to enable encryption for the stream output and keep the key
>> in the COS instance so that only that COS instance can later read the
>> data from the file system.
>>
>> Is there any security concern to this approach? If none, I will go
>> ahead and add this option.
>>
>> thanks.
>> regards, aki
