manifoldcf-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Karl Wright <daddy...@gmail.com>
Subject Re: override properties.xml file
Date Wed, 15 Oct 2014 11:57:09 GMT
I created one ticket which covers the basic mechanism, although not any
obfuscation upgrades:

https://issues.apache.org/jira/browse/CONNECTORS-1075

Karl

On Wed, Oct 15, 2014 at 7:35 AM, Karl Wright <daddywri@gmail.com> wrote:

> Hi Jitu,
>
> I strongly suggest you still create a ticket and attach patches so that we
> can agree on the right approach.
>
> Please have a look at
> framework/pull-agent/src/main/java/org/apache/manifoldcf/crawler/system/ManifoldCF.java
> .  In there you will see two things: first, the code that looks up
> dbsuperusername and dbsuperuserpassword in order to create the database
> instance, and second, encryption code used for import and export of
> ManifoldCF configuration.
>
> I had intended to add a property method called "getPropertyObfuscated"
> which would use the ManifoldCF deobfuscate() method to retrieve an
> obfuscated form of the property.  For example, if the property was
> "org.apache.manifoldcf.dbsuperuserpassword", the method would first look
> for "org.apache.manifoldcf.dbsuperuserpasswordobfuscated" and if found
> would deobfuscate the results.  Only if not found would it look at
> "org.apache.manifoldcf.dbsuperuserpassword".  I still intend to make this
> change in MCF 2.0 and 1.8, regardless of what you wind up doing in the end.
>
> FWIW, it is possible (and indeed I have been considering) replacing the
> current homegrown Obfuscate/Deobfuscate code with a real encryption
> algorithm.  I would urge you to consider doing it that way rather than
> inventing something wholly new.  The Java cipher framework allows you to
> register custom ciphers if that is what clients demand.  (The import and
> export uses AES.)  The only complication with this approach is that
> somewhere we'd need an encryption key, which would probably wind up being
> placed in properties.xml as well, or maybe buried in code.  So you don't
> buy any real security this way, just protection from having someone see the
> password over one's shoulder.
>
> Karl
>
>
> On Wed, Oct 15, 2014 at 3:41 AM, Jitu <abjitu@gmail.com> wrote:
>
>> Hi Karl,
>>          i would like to work on this bug.
>>
>> Thanks,
>> Jitu
>>
>> On Wed, Oct 15, 2014 at 12:53 PM, Jitu <abjitu@gmail.com> wrote:
>>
>>> Thanks Karl. That would be great. For now that helps. But in future, is
>>> it possible to provide a way to inject custom encryption algorithm. some
>>> clients want custom encryption algorithm for all their sensitive
>>> information.
>>>
>>> Thanks,
>>> Jitu
>>>
>>> On Wed, Oct 15, 2014 at 11:48 AM, Karl Wright <daddywri@gmail.com>
>>> wrote:
>>>
>>>> Hi Jitu,
>>>>
>>>> Obfuscating the password in the properties.xml file is not hard to
>>>> implement but has not been requested before.  Please create a ticket, and
>>>> I'll look at implementing this sometime in the next couple of weeks.
>>>>
>>>> Thanks,
>>>> Karl
>>>>
>>>>
>>>> On Wed, Oct 15, 2014 at 1:30 AM, Jitu <abjitu@gmail.com> wrote:
>>>>
>>>>> Hi Karl,
>>>>>
>>>>> Thanks for your continued support. Thanks to all who contributed for
>>>>> Manifoldcf 1.7.1 release.
>>>>>
>>>>> I have a requirement where our client does not want to store database
>>>>> password in plain text rather they want to store it in ecrypted in
>>>>> properties.xml file.
>>>>>
>>>>> Thanks,
>>>>> Jitu
>>>>>
>>>>
>>>>
>>>
>>
>

Mime
View raw message