cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Kulp <dk...@apache.org>
Subject Re: encrypting tmp files generated by CachedOutputStream?
Date Thu, 18 Oct 2012 13:45:02 GMT

On Oct 18, 2012, at 8:31 AM, Aki Yoshida <elakito@gmail.com> wrote:

> Hi,
> There is a concern that these temporary files are written out to the
> file system without any protection. And I was wondering if we can add
> an option to enable encryption for the stream output and keep the key
> in the COS instance so that only that COS instance can later read the
> data from the file system.
> 
> Is there any security concern to this approach? If none, I will go
> ahead and add this option.

I definitely think this is a good idea.

However, if you are looking into this code, it might also be good to provide a slightly simpler
option when running on java7.   On J7, you should be able to set the file permissions and
likely the cxf created temp directory to 600.   That should have 0 performance impact and
may be 'good enough' for some people.   

We certainly could use the full encryption as well for the stricter user cases, but simple
file perms might work fine for others.

That said, this would require Java7 and thus we'd need to likely use reflection or similar
for compiling it and runtime and such.

-- 
Daniel Kulp
dkulp@apache.org - http://dankulp.com/blog
Talend Community Coder - http://coders.talend.com


Mime
View raw message