I'm going to be incorporating code to handle Exchange Impersonation in Exchange Web Services in the Calendar portlet. The current implementation stores the username and password in a properties file. Since this is such a powerful trusted account, I'd like to improve the security a bit above that implementation. What have others done? Has anyone implemented something that I can package into the portlet utilities project to improve the security aspects of storing credentials?

What I was thinking of doing was having an encryption key stored in portlet preferences and the encrypted password in a properties file, plus the option of retrieving the properties file values from ${CATALINA_HOME}/portlet/{portletName}_overrides.properties and ${PORTLET_HOME}/{portletName}_overrides.properties. This certainly isn't perfect, but at least it prevents someone who gets access to the file system from easily obtaining the credential values without some additional work and another knowledge barrier to overcome. It also allows for different encryption keys for different portlets. I'd love to do something like this for the DB credentials as well, but I haven't looked into the possibility of that.

Thoughts on this approach? I'm hoping someone might have already done something and hopefully can share their solution, even if it is just a partial.

Thanks,

--
James Wennmacher - Unicon
480.558.2420
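
The split proposed in the message above (key held in portlet preferences, only ciphertext in the properties file), as an added example that is not part of the original post or of uPortal's code. The AES-GCM cipher, the `base64(iv || ciphertext)` storage format, the class name and the property name are all assumptions made for illustration; the key is generated inline where a real portlet would read it from its preferences.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Properties;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical helper: names and the AES-GCM choice are assumptions, not uPortal code.
public class EncryptedPropertyDemo {
    private static final int IV_LEN = 12, TAG_BITS = 128;

    // Stored format (assumed): base64(iv || ciphertext+tag); the property name is bound as AAD
    // so a value copied under a different property name fails authentication.
    static String encrypt(byte[] key, String name, String plain) throws Exception {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv); // fresh IV per value; never reuse with the same key
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(TAG_BITS, iv));
        c.updateAAD(name.getBytes(StandardCharsets.UTF_8));
        byte[] ct = c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(
            ByteBuffer.allocate(iv.length + ct.length).put(iv).put(ct).array());
    }

    static String decrypt(byte[] key, String name, String stored) throws Exception {
        byte[] blob = Base64.getDecoder().decode(stored);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"),
               new GCMParameterSpec(TAG_BITS, blob, 0, IV_LEN));
        c.updateAAD(name.getBytes(StandardCharsets.UTF_8));
        return new String(c.doFinal(blob, IV_LEN, blob.length - IV_LEN), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[32];             // constructed; would come from portlet preferences
        new SecureRandom().nextBytes(key);
        String name = "exchange.impersonation.password"; // hypothetical property name

        Properties props = new Properties();   // stands in for the properties file on disk
        props.setProperty(name, encrypt(key, name, "constructed-sample-secret"));
        System.out.println("on disk: " + props.getProperty(name));
        System.out.println("decrypted: " + decrypt(key, name, props.getProperty(name)));

        byte[] otherKey = new byte[32];        // a different portlet's key must not decrypt it
        new SecureRandom().nextBytes(otherKey);
        try { decrypt(otherKey, name, props.getProperty(name)); }
        catch (javax.crypto.AEADBadTagException e) { System.out.println("other key rejected"); }
    }
}
```

The protection holds only as long as the key store and the properties file are not readable by the same party; anyone who can read both recovers the password.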

