cxf-dev mailing list archives

From Freeman Fang <freeman.f...@gmail.com>
Subject Re: encrypting tmp files generated by CachedOutputStream?
Date Fri, 19 Oct 2012 00:40:14 GMT
+1

Freeman
-------------
Freeman(Yue) Fang

Red Hat, Inc. 
FuseSource is now part of Red Hat
Web: http://fusesource.com | http://www.redhat.com/
Twitter: freemanfang
Blog: http://freemanfang.blogspot.com
http://blog.sina.com.cn/u/1473905042
weibo: http://weibo.com/u/1473905042

On 2012-10-18, at 10:38 PM, Aki Yoshida wrote:

> Hi,
> but using a bus or EP prop, we will need a new method in COS to pass
> this encryption option. And we will need to change the current code in
> many places to make sure that this new method is used to prevent an
> unintended plain output written from somewhere. So, I see some
> drawbacks. Maybe, we can have a global option plus an instance level
> overwriting option? This would be similar to how the temp root
> directory is currently set in COS.
> 
> @Dan
> we can add that option too.
> thanks.
> 
> aki
> 
> 2012/10/18 Freeman Fang <freeman.fang@gmail.com>:
>> Yeah, endpoint property should be good.
>> -------------
>> Freeman(Yue) Fang
>> 
>> Red Hat, Inc.
>> FuseSource is now part of Red Hat
>> Web: http://fusesource.com | http://www.redhat.com/
>> Twitter: freemanfang
>> Blog: http://freemanfang.blogspot.com
>> http://blog.sina.com.cn/u/1473905042
>> weibo: http://weibo.com/u/1473905042
>> 
>> On 2012-10-18, at 9:22 PM, Willem jiang wrote:
>> 
>>> Using the system property will affect CXF instances across the JVM.
>>> It could be good if we can do it on the bus level.
>>> 
>>> --
>>> Willem Jiang
>>> 
>>> Red Hat, Inc.
>>> FuseSource is now part of Red Hat
>>> Web: http://www.fusesource.com | http://www.redhat.com
>>> Blog: http://willemjiang.blogspot.com (English)
>>>         http://jnn.javaeye.com (Chinese)
>>> Twitter: willemjiang
>>> Weibo: willemjiang
>>> 
>>> 
>>> 
>>> 
>>> On Thursday, October 18, 2012 at 9:05 PM, Aki Yoshida wrote:
>>> 
>>>> Hi Freeman,
>>>> yes. This should be an option and disabled by default.
>>>> I am thinking about introducing a system property
>>>> org.apache.cxf.io.CachedOutputStream.something to set the cipher
>>>> transformation name to enable this option.
>>>> 
>>>> regards, aki
>>>> 
>>>> 2012/10/18 Freeman Fang <freeman.fang@gmail.com>:
>>>>> Hi Aki,
>>>>> 
>>>>> Basically I'm +1 for this good idea. Just a little bit concerned about
>>>>> the performance impact.
>>>>> Could we add a flag to enable this encryption behavior? By default the
>>>>> value is false, so we keep the same behavior as is, and users can
>>>>> explicitly enable it if they need a more secure runtime.
>>>>> 
>>>>> My 2 cents.
>>>>> Best Regards
>>>>> Freeman
>>>>> -------------
>>>>> Freeman(Yue) Fang
>>>>> 
>>>>> Red Hat, Inc.
>>>>> FuseSource is now part of Red Hat
>>>>> Web: http://fusesource.com | http://www.redhat.com/
>>>>> Twitter: freemanfang
>>>>> Blog: http://freemanfang.blogspot.com
>>>>> http://blog.sina.com.cn/u/1473905042
>>>>> weibo: http://weibo.com/u/1473905042
>>>>> 
>>>>> On 2012-10-18, at 8:31 PM, Aki Yoshida wrote:
>>>>> 
>>>>>> Hi,
>>>>>> There is a concern that these temporary files are written out to the
>>>>>> file system without any protection. And I was wondering if we can add
>>>>>> an option to enable encryption for the stream output and keep the key
>>>>>> in the COS instance so that only that COS instance can later read the
>>>>>> data from the file system.
>>>>>> 
>>>>>> Is there any security concern to this approach? If none, I will go
>>>>>> ahead and add this option.
>>>>>> 
>>>>>> thanks.
>>>>>> regards, aki
>>>>> 
>>>> 
>>> 
>>> 
>>> 
>> 

