On Sat, Jun 15, 2013 at 5:06 PM, Christian Mueller <
[email protected]> wrote:
> Hi Andrea
>
> First, good idea, +1.
>
> I never worked with GWC, so I hope my assumptions are correct here.
>
> I think we need 3 methods
>
> 1) String encode(String clearTextValue);
> Simply use ConfigurationPasswordEncryptionHelper.encode(..)
>
> 2) String decode(String encryptedValue);
> Simply use ConfigurationPasswordEncryptionHelper.decode(..)
>
> 3) recodeAll
> Recodes all passwords used by GWC. Be aware of the fact that even plain
> text passwords
> have a prefix. (Your assumptions about the prefix are correct). The
> password
>
> mypassword
>
> is stored as
>
> plain:mypassword.
>
This one troubles me. As said, standalone GWC users are forced into editing
the configuration
files by hand, having to force this kind of change on them is going to be
nasty, and would
make little sense too since I don't see any standalone GWC user encrypting
passwords anyways.
For the embedded GWC, the only place where a password can reside that has a
GUI editor
is the disk quota database, so that's the only password that might have to
be rewritten.
This recodeAll method you're citing, does it have a GeoServer equivalent? I
guess it's done
on startup when figuring out the data dir has the old security system,
right?
In the embedded GWC case I'd have no such information, the only way to
figure out
passwords are not encoded is when reading the disk quota configuration, and
finding there
is no prefix, so I guess that's where the eventual re-coding should happen.
I should probably add a "encryptedPassword" field in the configuration, so
that the existing
field plays the role of the un-encrypted one and can be used to determine
whether the config
has been encrypted or not.
>
> Maybe we need some migration code.
>
> I think the method isResponsibleFor is not necessary, except GWC uses its
> own encoders.
>
Maybe not indeed, I was considering a case in which the password encoder
changed... even if
I don't see normal standalone GWC users entering encrypted passwords in the
config files,
I was thinking about future-proofing the code, so that if GWC ever gets its
own config GUI,
we have a way to handle changing the password encryption.
Cheers
Andrea
--
==
Our support, Your Success! Visit http://opensdi.geo-solutions.it for more
information.
==
Ing. Andrea Aime
@geowolf
Technical Lead
GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549
http://www.geo-solutions.it
http://twitter.com/geosolutions_it
-------------------------------------------------------
------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:
Build for Windows Store.
http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
Geoserver-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
