Return-Path: X-Original-To: apmail-jspwiki-dev-archive@www.apache.org Delivered-To: apmail-jspwiki-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 584CC11F9C for ; Wed, 24 Sep 2014 01:40:34 +0000 (UTC) Received: (qmail 69689 invoked by uid 500); 24 Sep 2014 01:40:34 -0000 Delivered-To: apmail-jspwiki-dev-archive@jspwiki.apache.org Received: (qmail 69656 invoked by uid 500); 24 Sep 2014 01:40:34 -0000 Mailing-List: contact dev-help@jspwiki.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@jspwiki.apache.org Delivered-To: mailing list dev@jspwiki.apache.org Received: (qmail 69644 invoked by uid 99); 24 Sep 2014 01:40:34 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 24 Sep 2014 01:40:34 +0000 Date: Wed, 24 Sep 2014 01:40:34 +0000 (UTC) From: "David Vittor (JIRA)" To: dev@jspwiki.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (JSPWIKI-205) Obfuscate on disk content type MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/JSPWIKI-205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14145762#comment-14145762 ] David Vittor commented on JSPWIKI-205: -------------------------------------- Hi Harry, That's a good idea. I like the idea of keeping the key only available in memory, which means it's never stored on a filesystem. This could be done easily enough. However I would need to think about how the key is entered. This means I have to think about the UI side of things, which I will come back to at a later stage. However with the current implementation the jspwiki-crypto.properties file can be store outside of the wiki working directory, so it can be on a USB, or in a secure folder, etc. Which is reasonably secure. The current patch is the groundwork for two goals - 1. backup the content of the wiki to the cloud, and 2. develop a password plugin. For now I'm going back to the AJAX framework. > Obfuscate on disk content type > ------------------------------ > > Key: JSPWIKI-205 > URL: https://issues.apache.org/jira/browse/JSPWIKI-205 > Project: JSPWiki > Issue Type: Improvement > Components: Core & storage > Reporter: Chris Lialios > Priority: Trivial > Attachments: BasicOverview.doc, EncryptingProviderSource.zip, encryption.patch, encryption.patch, encryption.patch, encryption.patch > > > We would like to store passwords within the wiki pages. > Securing the page is trivial, however the contents on disk remain clear text. > It would be very nice to have a page type that could be stored in an obfuscated form on disk. > As an addition have a secondary password to display/edit the encrypted contents on disk for those who do not want to use wiki security on the page. > I suspect this will have potentially drastic effects on the revisions process, but it would be a small price to pay for security. -- This message was sent by Atlassian JIRA (v6.3.4#6332)