https://bz.apache.org/bugzilla/show_bug.cgi?id=60153
Javen O'Neal <one...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |NEEDINFO
--- Comment #5 from Javen O'Neal <one...@apache.org> ---
I am assuming a lazy consensus that there are no security issues with this
implementation. Most of the crypto code has been around in TestSecureTempZip
for a while anyway. This patch just makes that code available to developers by
moving it into the main library.
I applied your patch from comment 4 with a one minor change in r1763943.
1. provide protected or public accessor methods rather than elevating
visibility of private variables. This gives us more freedom in the future to
consolidate code between HSSF, XSSF, and SXSSF.
Remaining questions:
1. In AesZipFileZipEntrySource, should the close method do nothing if the
object has already been closed (guard the code with an if (closed)?
2. TestSecureTempZip demonstrates how to read an AES-encrypted XSSFWorkbook and
TestSXSSFWorkbookWithCustomZipEntrySource demonstrates how to write an
SXSSFWorkbook using encrypted temporary files, but we don't have an example for
writing an SXSSFWorkbook where both temporary files and the saved workbook are
AES-encrypted. Would you be willing to provide a code example or unit test for
this?
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org
For additional commands, e-mail: dev-h...@poi.apache.org
