Hi,
but using a bus or EP prop, we will need a new method in COS to pass
this encryption option. And we will need to change the current code in
many places to make sure that this new method is used to prevent an
unintended plain output written from somewhere. So, I see some
drawbacks. Maybe, we can have a global option plus an instance level
overwriting option? This would be similar to how the temp root
directory is currently set in COS.

@Dan
we can add that option too.
thanks.

aki

2012/10/18 Freeman Fang <freeman.f...@gmail.com>:
> Yeah, endpoint property should be good.
> -------------
> Freeman(Yue) Fang
>
> Red Hat, Inc.
> FuseSource is now part of Red Hat
> Web: http://fusesource.com | http://www.redhat.com/
> Twitter: freemanfang
> Blog: http://freemanfang.blogspot.com
> http://blog.sina.com.cn/u/1473905042
> weibo: http://weibo.com/u/1473905042
>
> On 2012-10-18, at 9:22 PM, Willem jiang wrote:
>
>> Using the system property will affect CXF instances across the JVM.
>> It could be good if we can do it on the bus level.
>>
>> --
>> Willem Jiang
>>
>> Red Hat, Inc.
>> FuseSource is now part of Red Hat
>> Web: http://www.fusesource.com | http://www.redhat.com
>> Blog: http://willemjiang.blogspot.com (English)
>>          http://jnn.javaeye.com (Chinese)
>> Twitter: willemjiang
>> Weibo: willemjiang
>>
>>
>>
>>
>> On Thursday, October 18, 2012 at 9:05 PM, Aki Yoshida wrote:
>>
>>> Hi Freeman,
>>> yes. This should be an option and disabled by default.
>>> I am thinking about introducing a system property
>>> org.apache.cxf.io.CachedOutputStream.something to set the cipher
>>> transformation name to enable this option.
>>>
>>> regards, aki
>>>
>>> 2012/10/18 Freeman Fang <freeman.f...@gmail.com>:
>>>> Hi Aki,
>>>>
>>>> Basically I'm +1 for this good idea. Just a little bit concerned about the
>>>> performance impact.
>>>> Could we add a flag to enable this encryption behavior? By default the
>>>> value is false, so keep same behavior as is, and users can explicitly
>>>> enable it if they need a higher secure runtime.
>>>>
>>>> My 2 cents.
>>>> Best Regards
>>>> Freeman
>>>> -------------
>>>> Freeman(Yue) Fang
>>>>
>>>> Red Hat, Inc.
>>>> FuseSource is now part of Red Hat
>>>> Web: http://fusesource.com | http://www.redhat.com/
>>>> Twitter: freemanfang
>>>> Blog: http://freemanfang.blogspot.com
>>>> http://blog.sina.com.cn/u/1473905042
>>>> weibo: http://weibo.com/u/1473905042
>>>>
>>>> On 2012-10-18, at 8:31 PM, Aki Yoshida wrote:
>>>>
>>>>> Hi,
>>>>> There is a concern that these temporary files are written out to the
>>>>> file system without any protection. And I was wondering if we can add
>>>>> an option to enable encryption for the stream output and keep the key
>>>>> in the COS instance so that only that COS instance can later read the
>>>>> data from the file system.
>>>>>
>>>>> Is there any security concern to this approach? If none, I will go
>>>>> ahead and add this option.
>>>>>
>>>>> thanks.
>>>>> regards, aki
>>>>
>>>
>>
>>
>>
>
