jspwiki-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Vittor (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (JSPWIKI-205) Obfuscate on disk content type
Date Wed, 24 Sep 2014 01:40:34 GMT

    [ https://issues.apache.org/jira/browse/JSPWIKI-205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14145762#comment-14145762

David Vittor commented on JSPWIKI-205:

Hi Harry,

That's a good idea. I like the idea of keeping the key only available in memory, which means
it's never stored on a filesystem. This could be done easily enough. However I would need
to think about how the key is entered. This means I have to think about the UI side of things,
which I will come back to at a later stage.

However with the current implementation the jspwiki-crypto.properties file can be store outside
of the wiki working directory, so it can be on a USB, or in a secure folder, etc. Which is
reasonably secure.

The current patch is the groundwork for two goals - 1. backup the content of the wiki to the
cloud, and 2. develop a password plugin.

For now I'm going back to the AJAX framework.

> Obfuscate on disk content type
> ------------------------------
>                 Key: JSPWIKI-205
>                 URL: https://issues.apache.org/jira/browse/JSPWIKI-205
>             Project: JSPWiki
>          Issue Type: Improvement
>          Components: Core & storage
>            Reporter: Chris Lialios
>            Priority: Trivial
>         Attachments: BasicOverview.doc, EncryptingProviderSource.zip, encryption.patch,
encryption.patch, encryption.patch, encryption.patch
> We would like to store passwords within the wiki pages. 
> Securing the page is trivial, however the contents on disk remain clear text.
> It would be very nice to have a page type that could be stored in an obfuscated form
on disk. 
> As an addition  have a secondary password to display/edit the encrypted contents on disk
for those who do not want to use wiki security on the page.
> I suspect this will have potentially drastic effects on the revisions process, but it
would be a small price to pay for security.

This message was sent by Atlassian JIRA

View raw message