On Fri, Dec 12, 2014 at 1:00 PM, Nirmal Fernando <[email protected]> wrote: > > hmm.. then why we need to encrypt anything at all ? > Good point. AFAIS its sometimes a policy for certain environments to keep passwords encrypted.
> > On Fri, Dec 12, 2014 at 5:29 PM, Isuru Haththotuwa <[email protected]> > wrote: >> >> >> >> On Fri, Dec 12, 2014 at 12:56 PM, Nirmal Fernando <[email protected]> >> wrote: >>> >>> But I wonder whether we could recommend this approach. If you get rid of >>> key store password, you could decrypt any encrypted password, isn't it ? >>> >> Yes, that is true. However, for a secure deployment this is acceptable >> IMHO, specially if the server is not exposed to public. Depends on the >> requirement. >> >>> >>> On Fri, Dec 12, 2014 at 5:21 PM, Isuru Haththotuwa <[email protected]> >>> wrote: >>>> >>>> Thanks Pushpalanka. >>>> >>>> On Fri, Dec 12, 2014 at 12:44 PM, Pushpalanka Jayawardhana < >>>> [email protected]> wrote: >>>>> >>>>> Hi, >>>>> >>>>> If this file is named 'password-persist', it will not be deleted. >>>>> >>>>> [1] - >>>>> http://ajithvblogs.blogspot.com/2014/01/secure-custom-properties-file-using.html >>>>> >>>>> "Note:~ This temp file(password-tmp) will be delete after the server >>>>> started. It implied that you have to create that file for every restart. >>>>> But if you think your deployment system is secured, then create that temp >>>>> file name having "password-persist", that file will be remain even after >>>>> the server started. Therefore you don't need to create for each >>>>> restart." >>>>> >>>>> Thanks, >>>>> Pushpalanka. >>>>> -- >>>>> Pushpalanka Jayawardhana, B.Sc.Eng.(Hons). >>>>> Software Engineer, WSO2 Lanka (pvt) Ltd; wso2.com/ >>>>> Mobile: +94779716248 >>>>> Blog: pushpalankajaya.blogspot.com/ | LinkedIn: >>>>> lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka >>>>> >>>>> >>>>> On Fri, Dec 12, 2014 at 5:05 PM, Isuru Haththotuwa <[email protected]> >>>>> wrote: >>>>> >>>>>> Hi, >>>>>> >>>>>> Is it possible to $subject, for the key store that is used to encrypt >>>>>> the plain text passwords? Currently AFAIU its stored in a temporary file, >>>>>> which will get deleted after the carbon server started. >>>>>> >>>>>> -- >>>>>> Thanks and Regards, >>>>>> >>>>>> Isuru H. >>>>>> +94 716 358 048* <http://wso2.com/>* >>>>>> >>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> Dev mailing list >>>>>> [email protected] >>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>> >>>>>> >>>> >>>> -- >>>> Thanks and Regards, >>>> >>>> Isuru H. >>>> +94 716 358 048* <http://wso2.com/>* >>>> >>>> >>>> >>>> _______________________________________________ >>>> Dev mailing list >>>> [email protected] >>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>> >>>> >>> >>> -- >>> >>> Thanks & regards, >>> Nirmal >>> >>> Senior Software Engineer- Platform Technologies Team, WSO2 Inc. >>> Mobile: +94715779733 >>> Blog: http://nirmalfdo.blogspot.com/ >>> >>> >>> >> >> -- >> Thanks and Regards, >> >> Isuru H. >> +94 716 358 048* <http://wso2.com/>* >> >> >> > > -- > > Thanks & regards, > Nirmal > > Senior Software Engineer- Platform Technologies Team, WSO2 Inc. > Mobile: +94715779733 > Blog: http://nirmalfdo.blogspot.com/ > > > -- Thanks and Regards, Isuru H. +94 716 358 048* <http://wso2.com/>*
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
