synapse-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "indika priyantha kumara (JIRA)" <j...@apache.org>
Subject [jira] Commented: (SYNAPSE-376) Securing password in the datasource definition
Date Sun, 29 Jun 2008 13:09:45 GMT

    [ https://issues.apache.org/jira/browse/SYNAPSE-376?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12609109#action_12609109
] 

indika priyantha kumara commented on SYNAPSE-376:
-------------------------------------------------

I initially thought , both trust-store and key-store configurations to keep in the synape.properties.
And 'cipher-text.properties' keep all the cipher texts that will be used in anywhere in the
synapse (not just for datasource - for example , password in dblookp mediator). Now, I feel
both trust-store and key-store configuration also have to be moved to 'cipher-text.properties'
and both password for trust-store and key-store need to be kept on a separate file and after
reading that file (in start up ) , do delete it. Then, passwords for  both trust-store and
key-store are one time. We can also use asking user to give password for both trust-store
and key-store. But , I prefer to keep those in a file and after reading delete it. 

Then  

"cipher-text.properties" file look like

# Common properties

truststore.location=./../webapp/WEB-INF/classes/conf/identity.jks
......  # other parameters for truststore configuration (except passwords)

keystore.location=./../webapp/WEB-INF/classes/conf/identity.jks
....   # other parameters for keystore configuration (except passwords)

encryption.algorithm.default=RSA

plaintexts=admin,password

# configuration  per each plaintext
admin.ciphertext=aaaxzxxs223a
admin.encryption.algorithm=RSA

password.ciphertext=fdgfdfga2gf

And another one time file (on start up , after reading , do delete it)

"keystore-truststore-password.properties"

keystore.password=plaintext
truststore.password=palintext

> Securing password in the datasource definition 
> -----------------------------------------------
>
>                 Key: SYNAPSE-376
>                 URL: https://issues.apache.org/jira/browse/SYNAPSE-376
>             Project: Synapse
>          Issue Type: Improvement
>            Reporter: indika priyantha kumara
>            Assignee: indika priyantha kumara
>             Fix For: FUTURE
>
>
> Currently ,passwords in the datasource definition are in clear text format. (In synapse.properties).
Those have to be encrypted. 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@synapse.apache.org
For additional commands, e-mail: dev-help@synapse.apache.org


Mime
View raw message