[ https://issues.apache.org/jira/browse/JSPWIKI-205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14160129#comment-14160129 ]
Glen Mazza commented on JSPWIKI-205: ------------------------------------ Hi David, your patch is hardcoding a salt value (apparently used in the encryption) if one not provided by the user: salt = TextUtil.getStringProperty(cryptoProperties,PROP_CRYPTO_SALT, "Ra%$ESSQA#!@)#$@)"); Wouldn't it be better to throw an exception if the salt is unprovided--halting JSPWiki from running if necessary--rather than rely on a salt value that is publicly known? If one wants encryption, a salt value must be provided, that doesn't seem unreasonable. > Obfuscate on disk content type > ------------------------------ > > Key: JSPWIKI-205 > URL: https://issues.apache.org/jira/browse/JSPWIKI-205 > Project: JSPWiki > Issue Type: Improvement > Components: Core & storage > Reporter: Chris Lialios > Priority: Trivial > Attachments: BasicOverview.doc, EncryptingProviderSource.zip, > encryption.patch, encryption.patch, encryption.patch, encryption.patch > > > We would like to store passwords within the wiki pages. > Securing the page is trivial, however the contents on disk remain clear text. > It would be very nice to have a page type that could be stored in an > obfuscated form on disk. > As an addition have a secondary password to display/edit the encrypted > contents on disk for those who do not want to use wiki security on the page. > I suspect this will have potentially drastic effects on the revisions > process, but it would be a small price to pay for security. -- This message was sent by Atlassian JIRA (v6.3.4#6332)