Thanks Maninda. Regards, Sithumini
On Mon, Mar 16, 2015 at 11:43 AM, Maninda Edirisooriya <[email protected]> wrote: > IMO the password field should be encrypted when it is stored in the > database. That means the password should be encrypted from the backend and > decrypted each time from the backend once requested. > > Thanks. > > > *Maninda Edirisooriya* > Senior Software Engineer > > *WSO2, Inc.*lean.enterprise.middleware. > > *Blog* : http://maninda.blogspot.com/ > *E-mail* : [email protected] > *Skype* : @manindae > *Twitter* : @maninda > > On Mon, Mar 16, 2015 at 10:46 AM, Sithumini Senevirathne < > [email protected]> wrote: > >> Hi all, >> >> Currently registry do not have password field support for RXTs and I'm >> working on implementing this. >> >> This implementation comes with several concerns as below, >> >> 1. UI aspect of the password field >> 2. Security aspect of the password fields >> >> >> The solution for the concern #1 is, >> >> 1. Created a new "PasswordFiels" class in >> "org.wso2.carbon.governance.generic.ui.common.dataobject" >> >> >> Regarding the security concern of the password field, I identified >> several challenges. >> >> - When to encrypt the password field content. >> - Whether the encryption should be in UI side or backend side? >> - When to decrypt the password field content. >> - Whether the decryption should be done in every time it is viewed or >> decrypt the password field content as necessary upon request of the user? >> >> Please give your suggestions on regarding these concerns. >> >> Thanks, >> Regards, >> Sithumini >> -- >> -- >> Sithumini Senevirathne >> Software Engineer >> WSO2 Inc. - lean . enterprise . middleware | wso2.com >> >> email: [email protected], mobile: +94 756977999 >> >> _______________________________________________ >> Dev mailing list >> [email protected] >> http://wso2.org/cgi-bin/mailman/listinfo/dev >> >> > -- -- Sithumini Senevirathne Software Engineer WSO2 Inc. - lean . enterprise . middleware | wso2.com email: [email protected], mobile: +94 756977999
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
