[jira] Commented: (SYNAPSE-376) Securing password in the datasource definition

Sun, 29 Jun 2008 06:10:09 -0700 

    [ 
https://issues.apache.org/jira/browse/SYNAPSE-376?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12609109#action_12609109
 ] 

indika priyantha kumara commented on SYNAPSE-376:
-------------------------------------------------

I initially thought , both trust-store and key-store configurations to keep in 
the synape.properties. And 'cipher-text.properties' keep all the cipher texts 
that will be used in anywhere in the synapse (not just for datasource - for 
example , password in dblookp mediator). Now, I feel both trust-store and 
key-store configuration also have to be moved to 'cipher-text.properties' and 
both password for trust-store and key-store need to be kept on a separate file 
and after reading that file (in start up ) , do delete it. Then, passwords for  
both trust-store and key-store are one time. We can also use asking user to 
give password for both trust-store and key-store. But , I prefer to keep those 
in a file and after reading delete it. 

Then  

"cipher-text.properties" file look like

# Common properties

truststore.location=./../webapp/WEB-INF/classes/conf/identity.jks
......  # other parameters for truststore configuration (except passwords)

keystore.location=./../webapp/WEB-INF/classes/conf/identity.jks
....   # other parameters for keystore configuration (except passwords)

encryption.algorithm.default=RSA

plaintexts=admin,password

# configuration  per each plaintext
admin.ciphertext=aaaxzxxs223a
admin.encryption.algorithm=RSA

password.ciphertext=fdgfdfga2gf

And another one time file (on start up , after reading , do delete it)

"keystore-truststore-password.properties"

keystore.password=plaintext
truststore.password=palintext

> Securing password in the datasource definition 
> -----------------------------------------------
>
>                 Key: SYNAPSE-376
>                 URL: https://issues.apache.org/jira/browse/SYNAPSE-376
>             Project: Synapse
>          Issue Type: Improvement
>            Reporter: indika priyantha kumara
>            Assignee: indika priyantha kumara
>             Fix For: FUTURE
>
>
> Currently ,passwords in the datasource definition are in clear text format. 
> (In synapse.properties). Those have to be encrypted. 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to