On 18/10/12 15:38, Aki Yoshida wrote:
Hi,
but using a bus or EP prop, we will need a new method in COS to pass
this encryption option. And we will need to change the current code in
many places to make sure that this new method is used to prevent an
unintended plain output written from somewhere. So, I see some
drawbacks.


Maybe, we can have a global option plus an instance level
overwriting option? This would be similar to how the temp root
directory is currently set in COS.

+1

Cheers, Sergey


@Dan
we can add that option too.
thanks.

aki

2012/10/18 Freeman Fang <freeman.f...@gmail.com>:
Yeah, endpoint property should be good.
-------------
Freeman(Yue) Fang

Red Hat, Inc.
FuseSource is now part of Red Hat
Web: http://fusesource.com | http://www.redhat.com/
Twitter: freemanfang
Blog: http://freemanfang.blogspot.com
http://blog.sina.com.cn/u/1473905042
weibo: http://weibo.com/u/1473905042

On 2012-10-18, at 9:22 PM, Willem Jiang wrote:

Using the system property will affect CXF instance across the JVM.
It could be good if we can do it on the bus level.

--
Willem Jiang

Red Hat, Inc.
FuseSource is now part of Red Hat
Web: http://www.fusesource.com | http://www.redhat.com
Blog: http://willemjiang.blogspot.com (English)
      http://jnn.javaeye.com (Chinese)
Twitter: willemjiang
Weibo: willemjiang




On Thursday, October 18, 2012 at 9:05 PM, Aki Yoshida wrote:

Hi Freeman,
yes. This should be an option and disabled by default.
I am thinking about introducing a system property
org.apache.cxf.io.CachedOutputStream.something to set the cipher
transformation name to enable this option.

regards, aki

2012/10/18 Freeman Fang <freeman.f...@gmail.com>:
Hi Aki,

Basically I'm +1 for this good idea. Just a little bit concerned about the
performance impact.
Could we add a flag to enable this encryption behavior? By default the value is
false, so we keep the same behavior as is, and users can explicitly enable it if
they need a more secure runtime.

My 2 cents.
Best Regards
Freeman

On 2012-10-18, at 8:31 PM, Aki Yoshida wrote:

Hi,
There is a concern that these temporary files are written out to the
file system without any protection. And I was wondering if we can add
an option to enable encryption for the stream output and keep the key
in the COS instance so that only that COS instance can later read the
data from the file system.

Is there any security concern to this approach? If none, I will go
ahead and add this option.

thanks.
regards, aki







