Since catastrophe results from a Malicious Entity getting two pieces of information (your encrypted PP credential and the AES key), you probably should store these pieces of information in two separate places. Store the encrypted PP credential in your deployment, but make fetch the AES key from the datastore.
Jeff On Fri, May 27, 2011 at 12:46 AM, pavb <pavieillardba...@gmail.com> wrote: > Hi > > My paypal credential are encrypted with AES in the configuration files > of my web application and I am using the Jasypt libray to encrypt / > decrypt the data. > With my "old" application configuration I used a WebPBE configuration > (Web form) to enter the AES key at the server starting. But now it is > running on GAE and I could not enter the key each time a new instance > of my server will be started. > What is the best way to store securely this key? > Hard coded in my source files? > > Thanks > > PA > > -- > You received this message because you are subscribed to the Google Groups > "Google App Engine for Java" group. > To post to this group, send email to google-appengine-java@googlegroups.com. > To unsubscribe from this group, send email to > google-appengine-java+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/google-appengine-java?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Google App Engine for Java" group. To post to this group, send email to google-appengine-java@googlegroups.com. To unsubscribe from this group, send email to google-appengine-java+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-appengine-java?hl=en.
