cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Aki Yoshida <elak...@gmail.com>
Subject Re: encrypting tmp files generated by CachedOutputStream?
Date Thu, 18 Oct 2012 13:05:31 GMT
Hi Freeman,
yes. This should be an option and disabled by default.
I am thinking about introducing a system property
org.apache.cxf.io.CachedOutputStream.something to set the cipher
transformation name to enable  this option.

regards, aki

2012/10/18 Freeman Fang <freeman.fang@gmail.com>:
> Hi Aki,
>
> Basically I'm +1 for this good idea. Just a little bit concern about the performance
impact.
> Could we add a flag to enable this encryption behavior? By default the value is false,
so keep same behavior as is, and users can explicitly enable it if they need a higher secure
 runtime.
>
> My 2 cents.
> Best Regards
> Freeman
> -------------
> Freeman(Yue) Fang
>
> Red Hat, Inc.
> FuseSource is now part of Red Hat
> Web: http://fusesource.com | http://www.redhat.com/
> Twitter: freemanfang
> Blog: http://freemanfang.blogspot.com
> http://blog.sina.com.cn/u/1473905042
> weibo: http://weibo.com/u/1473905042
>
> On 2012-10-18, at 下午8:31, Aki Yoshida wrote:
>
>> Hi,
>> There is a concern that these temporary files are written out to the
>> file system without any protection. And I was wondering if we can add
>> an option to enable encryption for the stream output and keep the key
>> in the COS instance so that only that COS instance can later read the
>> data from the file system.
>>
>> Is there any security concern to this approach? If none, I will go
>> ahead and add this option.
>>
>> thanks.
>> regards, aki
>

Mime
View raw message