Hi Francesco, I looked into [1], and concluded that the /security.properties file is part of the deployment. In our case, we will deploy lot's of Syncope instances, but we do not want to use the more or less default key in the properties file in the war for every client.
Maybe I am missing something here. Maybe it is already possible to define a property in an external property file, with the implementation of SYNCOPE-244. And we could define the per client encryption key in that external file? Regards, Ernst 2013/1/11 Francesco Chicchiriccò (JIRA) <[email protected]>: > > [ > https://issues.apache.org/jira/browse/SYNCOPE-269?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel > ] > > Francesco Chicchiriccò resolved SYNCOPE-269. > -------------------------------------------- > > Resolution: Fixed > > Wiki page updated. > >> AES encryption key defined in source code >> ----------------------------------------- >> >> Key: SYNCOPE-269 >> URL: https://issues.apache.org/jira/browse/SYNCOPE-269 >> Project: Syncope >> Issue Type: Bug >> Components: core >> Affects Versions: 1.0.4, 1.1.0 >> Reporter: Francesco Chicchiriccò >> Assignee: Francesco Chicchiriccò >> Priority: Critical >> Labels: security >> Fix For: 1.0.5, 1.1.0 >> >> >> Currently, the encryption key is barely and statically defined in source >> code [1] for 1_0_X, [2] for trunk. >> This key must be moved to an external properties file (security.properties, >> for example). >> Nice to have: random generation of this key during 'mvn archetype:generate'. >> For 1_0_X: provide default to current key value [1] when not provided in >> security.properties. >> [1] >> http://svn.apache.org/repos/asf/syncope/branches/1_0_X/core/src/main/java/org/apache/syncope/core/persistence/beans/user/SyncopeUser.java >> [2] >> http://svn.apache.org/repos/asf/syncope/trunk/core/src/main/java/org/apache/syncope/core/util/PasswordEncoder.java > > -- > This message is automatically generated by JIRA. > If you think it was sent incorrectly, please contact your JIRA administrators > For more information on JIRA, see: http://www.atlassian.com/software/jira
