Re: [Dev] [Cipher Tool] Persist the Key Store Password Permanently

2014-12-12 Thread Isuru Haththotuwa
On Fri, Dec 12, 2014 at 1:00 PM, Nirmal Fernando wrote: > > hmm.. then why we need to encrypt anything at all ? > Good point. AFAIS its sometimes a policy for certain environments to keep passwords encrypted. > > On Fri, Dec 12, 2014 at 5:29 PM, Isuru Haththotuwa > wrote: >> >> >> >> On Fri, De

Re: [Dev] [Cipher Tool] Persist the Key Store Password Permanently

2014-12-12 Thread Nirmal Fernando
hmm.. then why we need to encrypt anything at all ? On Fri, Dec 12, 2014 at 5:29 PM, Isuru Haththotuwa wrote: > > > > On Fri, Dec 12, 2014 at 12:56 PM, Nirmal Fernando wrote: >> >> But I wonder whether we could recommend this approach. If you get rid of >> key store password, you could decrypt a

Re: [Dev] [Cipher Tool] Persist the Key Store Password Permanently

2014-12-12 Thread Isuru Haththotuwa
On Fri, Dec 12, 2014 at 12:56 PM, Nirmal Fernando wrote: > > But I wonder whether we could recommend this approach. If you get rid of > key store password, you could decrypt any encrypted password, isn't it ? > Yes, that is true. However, for a secure deployment this is acceptable IMHO, specially

Re: [Dev] [Cipher Tool] Persist the Key Store Password Permanently

2014-12-12 Thread Nirmal Fernando
But I wonder whether we could recommend this approach. If you get rid of key store password, you could decrypt any encrypted password, isn't it ? On Fri, Dec 12, 2014 at 5:21 PM, Isuru Haththotuwa wrote: > > Thanks Pushpalanka. > > On Fri, Dec 12, 2014 at 12:44 PM, Pushpalanka Jayawardhana > wro

Re: [Dev] [Cipher Tool] Persist the Key Store Password Permanently

2014-12-12 Thread Isuru Haththotuwa
Thanks Pushpalanka. On Fri, Dec 12, 2014 at 12:44 PM, Pushpalanka Jayawardhana wrote: > > Hi, > > If this file is named 'password-persist', it will not be deleted. > > [1] - > http://ajithvblogs.blogspot.com/2014/01/secure-custom-properties-file-using.html > > "Note:~ This temp file(password-tmp)

Re: [Dev] [Cipher Tool] Persist the Key Store Password Permanently

2014-12-12 Thread Pushpalanka Jayawardhana
Hi, If this file is named 'password-persist', it will not be deleted. [1] - http://ajithvblogs.blogspot.com/2014/01/secure-custom-properties-file-using.html "Note:~ This temp file(password-tmp) will be delete after the server started. It implied that you have to create that file for every restar

[Dev] [Cipher Tool] Persist the Key Store Password Permanently

2014-12-12 Thread Isuru Haththotuwa
Hi, Is it possible to $subject, for the key store that is used to encrypt the plain text passwords? Currently AFAIU its stored in a temporary file, which will get deleted after the carbon server started. -- Thanks and Regards, Isuru H. +94 716 358 048* * __