cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Freeman Fang <freeman.f...@gmail.com>
Subject Re: encrypting tmp files generated by CachedOutputStream?
Date Thu, 18 Oct 2012 13:27:44 GMT
Yeah, endpoint property should be good.
-------------
Freeman(Yue) Fang

Red Hat, Inc. 
FuseSource is now part of Red Hat
Web: http://fusesource.com | http://www.redhat.com/
Twitter: freemanfang
Blog: http://freemanfang.blogspot.com
http://blog.sina.com.cn/u/1473905042
weibo: http://weibo.com/u/1473905042

On 2012-10-18, at 下午9:22, Willem jiang wrote:

> Using the system property will effect CXF instance across the JVM.
> It could be good if we can do it on the bus level.
> 
> --  
> Willem Jiang
> 
> Red Hat, Inc.
> FuseSource is now part of Red Hat
> Web: http://www.fusesource.com | http://www.redhat.com
> Blog: http://willemjiang.blogspot.com (http://willemjiang.blogspot.com/) (English)
>          http://jnn.javaeye.com (http://jnn.javaeye.com/) (Chinese)
> Twitter: willemjiang  
> Weibo: willemjiang
> 
> 
> 
> 
> On Thursday, October 18, 2012 at 9:05 PM, Aki Yoshida wrote:
> 
>> Hi Freeman,
>> yes. This should be an option and disabled by default.
>> I am thinking about introducing a system property
>> org.apache.cxf.io.CachedOutputStream.something to set the cipher
>> transformation name to enable this option.
>> 
>> regards, aki
>> 
>> 2012/10/18 Freeman Fang <freeman.fang@gmail.com (mailto:freeman.fang@gmail.com)>:
>>> Hi Aki,
>>> 
>>> Basically I'm +1 for this good idea. Just a little bit concern about the performance
impact.
>>> Could we add a flag to enable this encryption behavior? By default the value
is false, so keep same behavior as is, and users can explicitly enable it if they need a higher
secure runtime.
>>> 
>>> My 2 cents.
>>> Best Regards
>>> Freeman
>>> -------------
>>> Freeman(Yue) Fang
>>> 
>>> Red Hat, Inc.
>>> FuseSource is now part of Red Hat
>>> Web: http://fusesource.com | http://www.redhat.com/
>>> Twitter: freemanfang
>>> Blog: http://freemanfang.blogspot.com
>>> http://blog.sina.com.cn/u/1473905042
>>> weibo: http://weibo.com/u/1473905042
>>> 
>>> On 2012-10-18, at 下午8:31, Aki Yoshida wrote:
>>> 
>>>> Hi,
>>>> There is a concern that these temporary files are written out to the
>>>> file system without any protection. And I was wondering if we can add
>>>> an option to enable encryption for the stream output and keep the key
>>>> in the COS instance so that only that COS instance can later read the
>>>> data from the file system.
>>>> 
>>>> Is there any security concern to this approach? If none, I will go
>>>> ahead and add this option.
>>>> 
>>>> thanks.
>>>> regards, aki
>>> 
>> 
> 
> 
> 


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message