On Oct 18, 2012, at 8:31 AM, Aki Yoshida <elak...@gmail.com> wrote: > Hi, > There is a concern that these temporary files are written out to the > file system without any protection. And I was wondering if we can add > an option to enable encryption for the stream output and keep the key > in the COS instance so that only that COS instance can later read the > data from the file system. > > Is there any security concern to this approach? If none, I will go > ahead and add this option.
I definitely think this is a good idea. However, if you are looking into this code, it might also be good to provide a slightly simpler option when running on java7. On J7, you should be able to set the file permissions and likely the cxf created temp directory to 600. That should have 0 performance impact and may be 'good enough' for some people. We certainly could use the full encryption as well for the stricter user cases, but simple file perms might work fine for others. That said, this would require Java7 and thus we'd need to likely use reflection or similar for compiling it and runtime and such. -- Daniel Kulp dk...@apache.org - http://dankulp.com/blog Talend Community Coder - http://coders.talend.com
