ant-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From danch <da...@nvisia.com>
Subject Re: Ant tasks to encrypt or decrypt passwords from property files
Date Mon, 19 Jun 2006 20:30:29 GMT
The classic response to the classic topic: if you can protect the 
decryption key adequately, why not simply protect the password adequately?

Using encryption to enhance data security isn't a simple matter of 
"turning it on" - you have to consider these sorts of issues or all 
you'll be doing is giving yourself a false _sense_ of security while 
remaining as vulnerable as ever.

One approach for key management is to keep the key on removable media 
which are only inserted when the key is required. Naturally, this could 
be done with a passwords property file as well. Would your DBA be 
willing to be responsible for mounting a removable drive when a 
key/password is required, and removing it when it is no longer required? 
Do you have systems operators who could perform this duty?

Dominique Devienne wrote:
>> we would be interested in encrypting.
>
> But then it's a chicken-and-egg problem, no?
>
> Where are you going to store the passwords to decrypt the passwords
> read from properties files? --DD
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@ant.apache.org
> For additional commands, e-mail: user-help@ant.apache.org
>


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@ant.apache.org
For additional commands, e-mail: user-help@ant.apache.org


Mime
View raw message