A suggestion. SFTP can use PKI shared keys for authentication. The keys are host+user specific.
I am not familiar enough with Synapse to know exactly how you'd go about it, but I do suggest that the answer lies in using PKI.

JRJ

-----Original Message-----
From: kimhorn [mailto:[email protected]]
Sent: Wednesday, April 01, 2009 2:31 AM
To: [email protected]
Subject: Can VFS SFTP Passwords be encrypted

For security no applications, especially scripts, should have passwords kept in clear text. Currently we encrypt all passwords in Synapse.xml files and use a Java Class Mediator to decrypt them and to place them in the SOAP or message context Transport.

However SFTP and VFS Proxy and endpoint pose a problem and I cannot see how they can be used without exposing the password in clear text:

<proxy name="StockQuoteProxy" transports="vfs">
  <parameter name="transport.vfs.FileURI">vfs:sftp://myusername:mypassw...@somehost/home/download?vfs.passive=true</parameter>
  .............
</proxy>

<send>
  <endpoint>
    <address uri="vfs:sftp://myusername:mypassw...@somehost/home/upload?vfs.passive=true"/>
  </endpoint>
</send>

This suggests many problems with VFS:
- How can an encrypted password alone be used and unencrypted.
- If not the password then encrypt the whole parameter 'name'. How can the VFS proxy parameter name be set from a property, or registry entry.
- Where then can Java be used to decrypt it.
- How could the property be set prior to Proxy invocation? (A start up script approach is required. task?)

Maybe like the DataBase info VFS stuff can be placed in start up properties file.

Any suggestions to make the synapse secure?

Thanks
Kim

--
View this message in context: http://www.nabble.com/Can-VFS-SFTP-Passwords-be-encrypted-tp22821249p22821249.html
Sent from the Synapse - User mailing list archive at Nabble.com.
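Added example, not part of the thread and not Synapse code: a configuration check that finds the pattern the question describes, a vfs: URI with a password embedded in a proxy parameter or an endpoint address, and reports it with the secret redacted. The function name, the sample document and the placeholder password are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample modelled on the configuration quoted in the thread.
# "EXAMPLE-PW" is a made-up placeholder; the second URI carries no password.
SAMPLE = """<definitions xmlns="http://ws.apache.org/ns/synapse">
  <proxy name="StockQuoteProxy" transports="vfs">
    <parameter name="transport.vfs.FileURI">vfs:sftp://myusername:EXAMPLE-PW@somehost/home/download?vfs.passive=true</parameter>
    <target><inSequence><send><endpoint>
      <address uri="vfs:sftp://myusername@somehost/home/upload?vfs.passive=true"/>
    </endpoint></send></inSequence></target>
  </proxy>
</definitions>"""


def find_cleartext_vfs_passwords(xml_text):
    """Return (element, location, redacted_uri) for each vfs: URI with a password.

    Hypothetical helper: checks element text and every attribute value, so it
    covers both <parameter>...</parameter> and <address uri="..."/>.
    """
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        tag = elem.tag.rsplit("}", 1)[-1]  # drop the XML namespace
        candidates = [("text", elem.text or "")]
        candidates += [("@" + name, value) for name, value in elem.attrib.items()]
        for where, value in candidates:
            value = value.strip()
            if not value.startswith("vfs:"):
                continue
            # Parse the inner URI (sftp://user:pass@host/...) after the vfs: prefix.
            password = urlsplit(value[len("vfs:"):]).password
            if password:
                # Never echo the secret into reports or CI logs.
                redacted = value.replace(":" + password + "@", ":***@", 1)
                findings.append((tag, where, redacted))
    return findings


if __name__ == "__main__":
    for tag, where, uri in find_cleartext_vfs_passwords(SAMPLE):
        print(f"cleartext password in <{tag}> {where}: {uri}")
```

Run against a configuration file before it is committed or deployed, a non-empty result means a password is still stored in clear text in that file.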
