Re: [Geoserver-devel] Making GWC play along with the password encryption game

Wed, 19 Jun 2013 02:54:31 -0700 

On Tue, Jun 18, 2013 at 11:20 AM, Andrea Aime
<[email protected]>wrote:

> Maybe not indeed, I was considering a case in which the password encoder
> changed... even if
> I don't see normal standalone GWC users entering encrypted passwords in
> the config files,
> I was thinking about future-proofing the code, so that if GWC ever gets
> its own config GUI,
> we have a way to handle changing the password encryption.
>

I had another look at the whole matter and believe this can be solved
without having to modify
GWC at all.
GeoServer has two methods to load and save the JDBC configuration (used by
the GUI),
so I just need to tap into those and encrypt the password before it gets
saved, and decrypt
it on the way back, before GWC can start using it.

I cannot know if the password is encrypted or not just by searching for the
well
known prefixes, but I can just test with each GeoServer password encoder if
the value is something
it can handle, and if none is found, assume the password is still plaintext.
Might have some little glitch for some unlucky cases where the plaintext
password is matched
by some password encoder, but that should be very unlikely,
and the functionality is only a few months old, and only useful in
clustered environments,
so very few people are probably already using it.
Plus it has a simple fix, just go into the GUI and enter the right password
again

Would that be acceptable?

Cheers
Andrea

-- 
==
Our support, Your Success! Visit http://opensdi.geo-solutions.it for more
information.
==

Ing. Andrea Aime
@geowolf
Technical Lead

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054  Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39  339 8844549

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:

Build for Windows Store.

http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
Geoserver-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-devel

Reply via email to