Thanks, Pushpalanka. -- Pushpalanka Jayawardhana, B.Sc.Eng.(Hons). Software Engineer, WSO2 Lanka (pvt) Ltd; wso2.com/ Mobile: +94779716248 Blog: pushpalankajaya.blogspot.com/ | LinkedIn: lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka
On Sun, Nov 2, 2014 at 10:55 PM, Firzhan Naqash <firz...@wso2.com> wrote: > Hi All, > > 1. Yes, we are to only encrypt the property value. > Adding more information, as I know the plan is to define something like > below in the file to be encrypted. > <Property name="ConnectionPassword" *encrypted=true* > >admin</Property> > After encrypting the value it will be saved back as, > > > When we are encrypting from GUI, we use the fields mentioned to be > encrypted in Property objects. Therefore in order to maintain the > consistency, we can use those fields rather than explicitly defining > property called true. > That's clean and simple. So now the developer of the user store manager controls which properties should be encrypted rather than the admin. I think it's fine as most of the time it's the password only. > > > WDYT? > > Regards, > Firzhan > > On Wed, Oct 29, 2014 at 10:46 AM, Pushpalanka Jayawardhana <la...@wso2.com > > wrote: > >> Hi, >> >> >> On Wed, Oct 29, 2014 at 1:02 AM, Udara Liyanage <ud...@wso2.com> wrote: >> >>> Hi, >>> >>> Isn't is better to encrypt fields of the file rather than the whole file >>> like we do in secure vault. Please correct me if I am wrong since I am not >>> well aware of the exact use case >>> >> 1. Yes, we are to only encrypt the property value. >> Adding more information, as I know the plan is to define something like >> below in the file to be encrypted. >> <Property name="ConnectionPassword" *encrypted=false* >> >admin</Property> >> After encrypting the value it will be saved back as, >> <Property name="ConnectionPassword" *encrypted=true* >> >Wxy635hxahftafafetk8dsnnHkw</Property> >> >> It would be great if there is a better way to imply which properties >> should be encrypted and after encrypting, to imply that the value is >> encrypted. >> >> 2. An indication in the file name is added to imply whether it >> carries property values to be encrypted. Otherwise all the properties >> should be scanned blindly and checked for the encryption which seemed a >> waste. The is a trade-off between this cost of scanning and another >> convention added to the file name. >> >>> I prefer prefix rather than appending since appending enc does not help >>> someone to figure it out as a secured file at first glance. >>> >>> In OSes like Linux file extension does not matter much. Is it possible >>> for someone to have a file name like 'sec-con' (without any extension) >>> >>> Touched, not typed. Erroneous words are a feature, not a typo. >>> >> Thanks, >> Pushpalanka. >> -- >> Pushpalanka Jayawardhana, B.Sc.Eng.(Hons). >> Software Engineer, WSO2 Lanka (pvt) Ltd; wso2.com/ >> Mobile: +94779716248 >> Blog: pushpalankajaya.blogspot.com/ | LinkedIn: >> lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka >> > >
_______________________________________________ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
