Hello, About this topic, I am the founder of a project called Jasypt (Java Simplified Encryption) [http://www.jasypt.org], which is aimed at easily adding robust encryption capabilities to java applications, be it password digesting or two-way text, binary, or number encryption (based on any JCE provider).
I am still relatively new to wicket (although I really, really like what I am learning :-)), and I am interested in developing some kind of wicket - jasypt integration so that wicket applications can easily benefit from jasypt-based password encryption with little effort. This could be easily done by creating a wrapper for jasypt's PasswordEncryptor or StringDigester implementations, and make the wrapper itself implement wicket's ICrypt interface. Jasypt already performs Base64 encoding "out of the box" as required by Wicket 1.2. I would be happy to develop this integration for the next version of jasypt, unless you prefer to integrate jasypt directly into the ICrypt infrastructure of wicket (by providing something like a "StrongCrypt" implementation based on a digest algorithm stronger than PBEWithMD5AndDES), which would also be alright for me. What do you think? Did you already have any plans for improving this encryption infrastructure for Wicket 2.0? As further info, about user password encryption: http://www.jasypt.org/howtoencryptuserpasswords.html Regards, Daniel. On 7/19/07, Martijn Dashorst <[EMAIL PROTECTED]> wrote: > > It is configurable: don't use PasswordTextField but TextField instead. > > The reason behind PTF's encryption is that we want to provide a secure > solution out-of-the-box. You can circumvent it, but then *you* need to > open up Pandorra's box, not us. Same with escaping markup while > outputting model values: the default is safe. > > Martijn > > On 7/19/07, David Rosenstrauch <[EMAIL PROTECTED]> wrote: > > Just wondering: anyone know what's the reason behind 1) making > > PasswordTextField's automatically encrypting their contents by default, > > and 2) making this not configurable? > > > > I lost several hours debugging tonight till I finally pinpointed this as > > the cause of my bug. > > > > TIA, > > > > DR > > > > > ------------------------------------------------------------------------- > > This SF.net email is sponsored by DB2 Express > > Download DB2 Express C - the FREE version of DB2 express and take > > control of your XML. No limits. Just data. Click to get it now. > > http://sourceforge.net/powerbar/db2/ > > _______________________________________________ > > Wicket-user mailing list > > Wicket-user@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/wicket-user > > > > > -- > Wicket joins the Apache Software Foundation as Apache Wicket > Apache Wicket 1.3.0-beta2 is released > Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.3.0-beta2/ > > ------------------------------------------------------------------------- > This SF.net email is sponsored by DB2 Express > Download DB2 Express C - the FREE version of DB2 express and take > control of your XML. No limits. Just data. Click to get it now. > http://sourceforge.net/powerbar/db2/ > _______________________________________________ > Wicket-user mailing list > Wicket-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/wicket-user > ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
