[jira] [Commented] (JSPWIKI-205) Obfuscate on disk content type
[ https://issues.apache.org/jira/browse/JSPWIKI-205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14168515#comment-14168515 ]

David Vittor commented on JSPWIKI-205:

Hi Glen,

I'm happy to make this change, and will do so when I next get a chance. There is already a minimum value defined for the salt, as it has to be the blocksize length in the algorithm chosen.

I'll also update the documentation here:
* https://jspwiki-wiki.apache.org/Wiki.jsp?page=CryptographyFramework

Obfuscate on disk content type

Key: JSPWIKI-205
URL: https://issues.apache.org/jira/browse/JSPWIKI-205
Project: JSPWiki
Issue Type: Improvement
Components: Core storage
Reporter: Chris Lialios
Priority: Trivial
Attachments: BasicOverview.doc, EncryptingProviderSource.zip, encryption.patch, encryption.patch, encryption.patch, encryption.patch

We would like to store passwords within the wiki pages. Securing the page is trivial, however the contents on disk remain clear text. It would be very nice to have a page type that could be stored in an obfuscated form on disk. As an addition have a secondary password to display/edit the encrypted contents on disk for those who do not want to use wiki security on the page. I suspect this will have potentially drastic effects on the revisions process, but it would be a small price to pay for security.

--
This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (JSPWIKI-205) Obfuscate on disk content type
[ https://issues.apache.org/jira/browse/JSPWIKI-205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14161748#comment-14161748 ]

Glen Mazza commented on JSPWIKI-205:

I don't know enough about encryption to know how degraded encryption would be with a hardcoded salt value but that looks like a code smell to be hardcoding it. I would prefer a stop-the-presses, halt JSPWiki exception if you try to activate encryption without properly setting the salt value or other secure/sensitive values such as passwords. Someone who doesn't know how to create a correct salt value has no business trying to activate the JSPWiki encryption. We can someday document on our Wiki how to create salt values (preferably link to some other place that explains it well), but until then the dev needs to know his stuff.

What you call the administrator is frequently just a programming grunt who only cares about reporting back to his technically clueless manager that the pages are encrypted. It's perhaps usually not the grunt's data that is being compromised (so he is less concerned), but possibly yours or my data, so JSPWiki should have some built-in safeguards to protect against lazy developers compromising other people's data due to haphazard encryption configuration.

On the other hand, what if the developer puts in a 0 or a 1 for the salt value, or some similar value that makes (?) encryption meaningless? If you know enough about the proper structure of salt values, a further sanity check that the salt value is something usable--say minimum length--might be nice to add.

By the way, thanks for your work so far on this project.
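The startup check asked for in the comment above, sketched as an added example (not code from the JSPWIKI-205 patch or from JSPWiki): encryption is refused when the salt is missing, shorter than the cipher block size, or a constant filler value. The property name, the class name and the 16-byte block size are assumptions made for the illustration.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Properties;

public final class CryptoConfigCheck {

    // Hypothetical property name, not one of JSPWiki's real configuration keys.
    static final String PROP_SALT = "example.crypto.salt";

    /** Returns the decoded salt, or throws so that startup halts. */
    static byte[] requireUsableSalt(Properties props, int blockSizeBytes) {
        String encoded = props.getProperty(PROP_SALT);
        if (encoded == null || encoded.trim().isEmpty()) {
            throw new IllegalStateException(PROP_SALT + " is not set");
        }
        byte[] salt;
        try {
            salt = Base64.getDecoder().decode(encoded.trim());
        } catch (IllegalArgumentException e) {
            throw new IllegalStateException(PROP_SALT + " is not valid Base64", e);
        }
        // Minimum length: at least one cipher block, as discussed in the thread.
        if (salt.length < blockSizeBytes) {
            throw new IllegalStateException(PROP_SALT + " is " + salt.length
                    + " bytes, need at least " + blockSizeBytes);
        }
        // Reject filler such as all zeros; this catches lazy values only and
        // is not a measure of randomness.
        boolean constant = true;
        for (byte b : salt) {
            if (b != salt[0]) { constant = false; break; }
        }
        if (constant) {
            throw new IllegalStateException(PROP_SALT + " is a single repeated byte");
        }
        return salt;
    }

    public static void main(String[] args) {
        byte[] random = new byte[16];
        new SecureRandom().nextBytes(random);
        // Constructed sample values: empty, the single character "1",
        // sixteen zero bytes, and sixteen random bytes.
        String[] samples = {
            "", "MQ==",
            Base64.getEncoder().encodeToString(new byte[16]),
            Base64.getEncoder().encodeToString(random)
        };
        for (String sample : samples) {
            Properties props = new Properties();
            props.setProperty(PROP_SALT, sample);
            try {
                // 16 bytes is the AES block size (assumed cipher).
                byte[] salt = requireUsableSalt(props, 16);
                System.out.println("accepted: " + salt.length + " byte salt");
            } catch (IllegalStateException e) {
                System.out.println("startup halted: " + e.getMessage());
            }
        }
    }
}
```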
[jira] [Commented] (JSPWIKI-205) Obfuscate on disk content type
[ https://issues.apache.org/jira/browse/JSPWIKI-205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14149286#comment-14149286 ]

David Vittor commented on JSPWIKI-205:

I think the original idea of this issue was to prevent the files stored on the disk, especially page content being available in plain text. This allows backing these files to the cloud, e.g. dropbox, box.net, ec2, etc.

How to secure the key which encrypts the data is very important, but as Glen mentioned I think the admin of the wiki should be responsible for securing the wiki and so he should have access to key and the data of the wiki.

I think the code patch I've proposed handles all the points raised here quite nicely.
[jira] [Commented] (JSPWIKI-205) Obfuscate on disk content type
[ https://issues.apache.org/jira/browse/JSPWIKI-205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14146057#comment-14146057 ]

Jürgen Weber commented on JSPWIKI-205:

Keeping the key only in memory indeed requires a way to get the key into memory ;-)

* Over the web gui: the wiki is not usable until the admin enters the key
* From the console as command line parameter: key is visible with ps
* Require the admin to enter the key on console during startup: secure, but requires admin interaction on startup, also no startup in background possible (catalina.sh start).

A variant is a unix command line tool that is run after startup of the server and that reads the key from console and enters the key into the server via REST or similar.

But, all ways that require admin interaction on each server startup are crap.

So I suggest a little less secure way: the wiki reads the key from a file which is encrypted with a masterkey (which is buried in the wiki code). This is the way application servers store their admin passwords.
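The console option from the comment above, as an added example (not code from the JSPWIKI-205 patch or from JSPWiki): it shows why a key passed in argv is rejected and why a background start cannot prompt. It assumes the admin types a passphrase from which an AES key is derived with PBKDF2; the class name, iteration count and throwaway salt are illustrative.

```java
import java.io.Console;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

public final class StartupKeyPrompt {

    // Illustrative PBKDF2 work factor; tune for the deployment.
    static final int ITERATIONS = 200_000;

    /** Derives an AES key and wipes the passphrase afterwards. */
    static SecretKey deriveKey(char[] passphrase, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(passphrase, salt, ITERATIONS, 256);
        try {
            byte[] raw = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
            SecretKey key = new SecretKeySpec(raw, "AES"); // copies the bytes
            Arrays.fill(raw, (byte) 0);
            return key;
        } finally {
            spec.clearPassword();
            Arrays.fill(passphrase, '\0');
        }
    }

    public static void main(String[] args) throws Exception {
        // Anything in argv shows up in the process list (ps).
        if (args.length > 0) {
            System.err.println("Do not pass the key as an argument.");
            System.exit(2);
        }
        // null when no terminal is attached, e.g. a background start.
        Console console = System.console();
        if (console == null) {
            System.err.println("No console: cannot prompt for the key.");
            System.exit(3);
        }
        // readPassword does not echo and returns null on end of input.
        char[] passphrase = console.readPassword("Wiki encryption passphrase: ");
        if (passphrase == null || passphrase.length == 0) {
            System.err.println("Empty passphrase: refusing to start.");
            System.exit(4);
        }
        // Constructed for the demo; a real deployment stores its salt
        // with the encrypted data so the same key can be derived again.
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        SecretKey key = deriveKey(passphrase, salt);
        System.out.println("Derived " + key.getEncoded().length * 8 + "-bit "
                + key.getAlgorithm() + " key; it exists only in memory.");
    }
}
```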
[jira] [Commented] (JSPWIKI-205) Obfuscate on disk content type
[ https://issues.apache.org/jira/browse/JSPWIKI-205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14146520#comment-14146520 ]

Jürgen Weber commented on JSPWIKI-205:

The idea is to protect wiki content from anyone else on the cloud server, especially root. Or anyone that has access to the disc or virtual disc image.

If you enter the key via the wiki gui, the only way to access the content is a heap dump while the wiki is running.
[jira] [Commented] (JSPWIKI-205) Obfuscate on disk content type
[ https://issues.apache.org/jira/browse/JSPWIKI-205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14144780#comment-14144780 ]

David Vittor commented on JSPWIKI-205:

Documentation for the work is done:
* https://jspwiki-wiki.apache.org/Wiki.jsp?page=EncryptPlugin
* https://jspwiki-wiki.apache.org/Wiki.jsp?page=EncryptedPageFilter
* https://jspwiki-wiki.apache.org/Wiki.jsp?page=CryptographyFramework
[jira] [Commented] (JSPWIKI-205) Obfuscate on disk content type
[ https://issues.apache.org/jira/browse/JSPWIKI-205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14140141#comment-14140141 ]

Jürgen Weber commented on JSPWIKI-205:

The JRE has all you need for encryption in Java. So, export restrictions problems are solved by Oracle, and not by any Java application vendor.

A blowfish sample using only JRE classes:
[http://www.java2s.com/Tutorial/Java/0490__Security/ABlowfishexample.htm]
[jira] [Commented] (JSPWIKI-205) Obfuscate on disk content type
[ https://issues.apache.org/jira/browse/JSPWIKI-205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14138565#comment-14138565 ]

Craig L Russell commented on JSPWIKI-205:

What I mean by export controls is exporting the jspwiki code outside the USA. Encryption technology is controlled by government regulations
http://en.wikipedia.org/wiki/Export_of_cryptography_from_the_United_States
[jira] [Commented] (JSPWIKI-205) Obfuscate on disk content type
[ https://issues.apache.org/jira/browse/JSPWIKI-205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14138594#comment-14138594 ]

David Vittor commented on JSPWIKI-205:

Thanks Craig, that's another eye opener, there are legal rules around what encryption data can and can't be imported and exported to the USA.
[jira] [Commented] (JSPWIKI-205) Obfuscate on disk content type
[ https://issues.apache.org/jira/browse/JSPWIKI-205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14139403#comment-14139403 ]

Siegfried Goeschl commented on JSPWIKI-205:

Hi folks,

the relevant link is [http://www.apache.org/dev/crypto.html] having the following requirement

Software using a symmetric algorithm employing a key length in excess of 56-bits;

in other words - if you use DES you are fine (56 bit key) but using AES or Blowfish requires the legal stuff
[jira] [Commented] (JSPWIKI-205) Obfuscate on disk content type
[ https://issues.apache.org/jira/browse/JSPWIKI-205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14138431#comment-14138431 ]

Craig L Russell commented on JSPWIKI-205:

I'm no expert on this subject, but it seems from an architecture perspective that a filter is the better solution. I don't know of many cases where the markup for a page should be encrypted. So I'd rather see a more general purpose filter that encrypts the variable content even at the risk of exposing the fixed content with no encryption.

As to the packaging, I'm a fan of providing the interface and a no-encryption filter in core that can be substituted by an encrypting filter. I seem to recall that providing an encrypting filter would require some registration for export controls.
[jira] [Commented] (JSPWIKI-205) Obfuscate on disk content type
[ https://issues.apache.org/jira/browse/JSPWIKI-205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14138501#comment-14138501 ]

David Vittor commented on JSPWIKI-205:

Hi Craig,

Thanks for the comment. My thinking is also towards the filter, especially as being part of the core application. Custom PageProviders can always be written for specific use cases.

I really like your idea of having a no-encryption as a default, which can be substituted by another one. I'll add this.

Export controls?? - I didn't realize there was a way to export the wiki content? That was going to be my next task to build an export mechanism for getting the raw text pages, in a zip format, so it can be imported into a different wiki.