[
https://issues.apache.org/jira/browse/JSPWIKI-205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14145762#comment-14145762
]
David Vittor commented on JSPWIKI-205:
--------------------------------------
Hi Harry,
That's a good idea. I like the idea of keeping the key only available in
memory, which means it's never stored on a filesystem. This could be done
easily enough. However I would need to think about how the key is entered. This
means I have to think about the UI side of things, which I will come back to at
a later stage.
However with the current implementation the jspwiki-crypto.properties file can
be store outside of the wiki working directory, so it can be on a USB, or in a
secure folder, etc. Which is reasonably secure.
The current patch is the groundwork for two goals - 1. backup the content of
the wiki to the cloud, and 2. develop a password plugin.
For now I'm going back to the AJAX framework.
> Obfuscate on disk content type
> ------------------------------
>
> Key: JSPWIKI-205
> URL: https://issues.apache.org/jira/browse/JSPWIKI-205
> Project: JSPWiki
> Issue Type: Improvement
> Components: Core & storage
> Reporter: Chris Lialios
> Priority: Trivial
> Attachments: BasicOverview.doc, EncryptingProviderSource.zip,
> encryption.patch, encryption.patch, encryption.patch, encryption.patch
>
>
> We would like to store passwords within the wiki pages.
> Securing the page is trivial, however the contents on disk remain clear text.
> It would be very nice to have a page type that could be stored in an
> obfuscated form on disk.
> As an addition have a secondary password to display/edit the encrypted
> contents on disk for those who do not want to use wiki security on the page.
> I suspect this will have potentially drastic effects on the revisions
> process, but it would be a small price to pay for security.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
