[ 
https://issues.apache.org/jira/browse/JSPWIKI-205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14149286#comment-14149286
 ] 

David Vittor commented on JSPWIKI-205:
--------------------------------------

I think the original idea of this issue was to prevent the files stored on the 
disk, especially page content being available in plain text. This allows 
backing these files to the cloud, e.g. dropbox, box.net, ec2, etc. 

How to secure the key which encrypts the data is very important, but as Glen 
mentioned I think the admin of the wiki should be responsible for securing the 
wiki and so he should have access to key and the data of the wiki. 

I think the code patch I've proposed, handles all the points raised here quite 
nicely.

> Obfuscate on disk content type
> ------------------------------
>
>                 Key: JSPWIKI-205
>                 URL: https://issues.apache.org/jira/browse/JSPWIKI-205
>             Project: JSPWiki
>          Issue Type: Improvement
>          Components: Core & storage
>            Reporter: Chris Lialios
>            Priority: Trivial
>         Attachments: BasicOverview.doc, EncryptingProviderSource.zip, 
> encryption.patch, encryption.patch, encryption.patch, encryption.patch
>
>
> We would like to store passwords within the wiki pages. 
> Securing the page is trivial, however the contents on disk remain clear text.
> It would be very nice to have a page type that could be stored in an 
> obfuscated form on disk. 
> As an addition  have a secondary password to display/edit the encrypted 
> contents on disk for those who do not want to use wiki security on the page.
> I suspect this will have potentially drastic effects on the revisions 
> process, but it would be a small price to pay for security.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to