[
https://issues.apache.org/jira/browse/SYNAPSE-376?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12609020#action_12609020
]
indika priyantha kumara commented on SYNAPSE-376:
-------------------------------------------------
I thought to completely separate the securing of passwords and make it
available anywhere that plaintext needs securing.
Rather than using encrypted data in each location, keep the encrypted text in a
separate file. For example: without setting the encrypted password in the
configuration for each datasource, dbreport, lookup or any other place, keep
every encrypted text in a single location.
Cipher text file
cipher-text.properties
# Common properties
encryption.algorithm.default=RSA
plaintexts=admin,password
# configuration per each plaintext
admin.ciphertext=aaaxzxxs223a
admin.encryption.algorithm=RSA
password.ciphertext=fdgfdfga2gf
Then, for example, if the password for the dblookup mediator has to be secured:
<dblookup>
<connection>
<pool>
<driver>org.apache.derby.jdbc.ClientDriver</driver>
<url>jdbc:derby://localhost:1527/synapsedb;create=false</url>
<user>synapse</user>
***<password>admin</password>***
</pool>
.........
Then, within the dblookup mediator, before making the connection, it can get the
decrypted password as
DecryptedDataRegistry.get("admin");
This is the same anywhere that needs a decrypted password or any decrypted text.
In this approach, the 'admin' plaintext password is really a logical one and it
is only used to look up the actual password from the encrypted text file.
Even though this approach adds another configuration file, there are a lot of
benefits.
(1) Single point of configuration for each plaintext-cipher-text pair.
Therefore, we can separately specify algorithms or any parameters for each
plaintext.
(2) We can add extra security. For example, we can sign the
"cipher-text.properties" file. If the encrypted texts are scattered everywhere,
then adding extra security will not be feasible.
(3) This will become a reusable component that can be used anywhere, even
within any other projects.
> Securing password in the datasource definition
> -----------------------------------------------
>
> Key: SYNAPSE-376
> URL: https://issues.apache.org/jira/browse/SYNAPSE-376
> Project: Synapse
> Issue Type: Improvement
> Reporter: indika priyantha kumara
> Assignee: indika priyantha kumara
> Fix For: FUTURE
>
>
> Currently, passwords in the datasource definition are in clear text format
> (in synapse.properties). Those have to be encrypted.