I created one ticket which covers the basic mechanism, although not any obfuscation upgrades:
https://issues.apache.org/jira/browse/CONNECTORS-1075 Karl On Wed, Oct 15, 2014 at 7:35 AM, Karl Wright <[email protected]> wrote: > Hi Jitu, > > I strongly suggest you still create a ticket and attach patches so that we > can agree on the right approach. > > Please have a look at > framework/pull-agent/src/main/java/org/apache/manifoldcf/crawler/system/ManifoldCF.java > . In there you will see two things: first, the code that looks up > dbsuperusername and dbsuperuserpassword in order to create the database > instance, and second, encryption code used for import and export of > ManifoldCF configuration. > > I had intended to add a property method called "getPropertyObfuscated" > which would use the ManifoldCF deobfuscate() method to retrieve an > obfuscated form of the property. For example, if the property was > "org.apache.manifoldcf.dbsuperuserpassword", the method would first look > for "org.apache.manifoldcf.dbsuperuserpasswordobfuscated" and if found > would deobfuscate the results. Only if not found would it look at > "org.apache.manifoldcf.dbsuperuserpassword". I still intend to make this > change in MCF 2.0 and 1.8, regardless of what you wind up doing in the end. > > FWIW, it is possible (and indeed I have been considering) replacing the > current homegrown Obfuscate/Deobfuscate code with a real encryption > algorithm. I would urge you to consider doing it that way rather than > inventing something wholly new. The Java cipher framework allows you to > register custom ciphers if that is what clients demand. (The import and > export uses AES.) The only complication with this approach is that > somewhere we'd need an encryption key, which would probably wind up being > placed in properties.xml as well, or maybe buried in code. So you don't > buy any real security this way, just protection from having someone see the > password over one's shoulder. > > Karl > > > On Wed, Oct 15, 2014 at 3:41 AM, Jitu <[email protected]> wrote: > >> Hi Karl, >> i would like to work on this bug. >> >> Thanks, >> Jitu >> >> On Wed, Oct 15, 2014 at 12:53 PM, Jitu <[email protected]> wrote: >> >>> Thanks Karl. That would be great. For now that helps. But in future, is >>> it possible to provide a way to inject custom encryption algorithm. some >>> clients want custom encryption algorithm for all their sensitive >>> information. >>> >>> Thanks, >>> Jitu >>> >>> On Wed, Oct 15, 2014 at 11:48 AM, Karl Wright <[email protected]> >>> wrote: >>> >>>> Hi Jitu, >>>> >>>> Obfuscating the password in the properties.xml file is not hard to >>>> implement but has not been requested before. Please create a ticket, and >>>> I'll look at implementing this sometime in the next couple of weeks. >>>> >>>> Thanks, >>>> Karl >>>> >>>> >>>> On Wed, Oct 15, 2014 at 1:30 AM, Jitu <[email protected]> wrote: >>>> >>>>> Hi Karl, >>>>> >>>>> Thanks for your continued support. Thanks to all who contributed for >>>>> Manifoldcf 1.7.1 release. >>>>> >>>>> I have a requirement where our client does not want to store database >>>>> password in plain text rather they want to store it in ecrypted in >>>>> properties.xml file. >>>>> >>>>> Thanks, >>>>> Jitu >>>>> >>>> >>>> >>> >> >
