For security, no applications, especially scripts, should have passwords kept
in clear text. Currently we encrypt all passwords in Synapse.xml files and
use a Java Class Mediator to decrypt them and to place them in the SOAP or
message context Transport.
However, SFTP and VFS Proxy and endpoint pose a problem, and I cannot see how
they can be used without exposing the password in clear text:
<proxy name="StockQuoteProxy" transports="vfs">
    <parameter name="transport.vfs.FileURI">vfs:sftp://myusername:mypassw...@somehost/home/download?vfs.passive=true</parameter>
    .............
</proxy>
<send>
    <endpoint>
        <address uri="vfs:sftp://myusername:mypassw...@somehost/home/upload?vfs.passive=true"/>
    </endpoint>
</send>
This suggests many problems with VFS:
- How can an encrypted password alone be used and decrypted?
- If not the password, then encrypt the whole parameter 'name'. How can the
VFS proxy parameter name be set from a property or registry entry?
- Where then can Java be used to decrypt it?
- How could the property be set prior to Proxy invocation? (A start-up
script approach is required. A task?) Maybe, like the database info, the VFS
stuff can be placed in a start-up properties file.
Any suggestions to make Synapse secure?
Thanks
Kim
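An added example, not part of the message above and not Synapse code: a small audit script that flags VFS URIs carrying a clear-text password in a Synapse configuration, masking the password in its report. It checks every element's text and attributes rather than only the two places shown in the message; the function names and the sample configuration are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Matches vfs:<scheme>://<userinfo>@ ; the greedy [^/]* ends at the last '@'
# before the first '/', so a password containing '@' is still captured whole.
VFS_USERINFO = re.compile(r"^(vfs:[A-Za-z0-9+.-]+://)([^/]*)@(.*)$", re.S)

def check_uri(value):
    """Return the URI with its password masked, or None if it carries none."""
    m = VFS_USERINFO.match(value.strip())
    if not m:
        return None
    prefix, userinfo, rest = m.groups()
    user, sep, password = userinfo.partition(":")
    if not (sep and password):
        return None  # user name only, nothing secret in the URI
    return f"{prefix}{user}:***@{rest}"

def find_cleartext_vfs_passwords(xml_text):
    """List (element tag, location, masked URI) for each offending VFS URI."""
    findings = []
    # Assumes a trusted local config file; ElementTree is not hardened
    # against hostile XML.
    for elem in ET.fromstring(xml_text).iter():
        tag = elem.tag.rsplit("}", 1)[-1]  # drop any XML namespace prefix
        candidates = [("text", elem.text or "")]
        candidates += [(f"@{k}", v) for k, v in elem.attrib.items()]
        for where, value in candidates:
            masked = check_uri(value)
            if masked:
                findings.append((tag, where, masked))
    return findings

# Constructed sample modelled on the proxy and endpoint in the message above.
SAMPLE = """<definitions>
  <proxy name="StockQuoteProxy" transports="vfs">
    <parameter name="transport.vfs.FileURI">vfs:sftp://alice:EXAMPLE-PW@somehost/home/download?vfs.passive=true</parameter>
    <parameter name="transport.vfs.MoveAfterProcess">vfs:sftp://alice@somehost/home/done</parameter>
  </proxy>
  <endpoint>
    <address uri="vfs:sftp://alice:p@ss@somehost/home/upload?vfs.passive=true"/>
  </endpoint>
</definitions>"""

if __name__ == "__main__":
    for tag, where, masked in find_cleartext_vfs_passwords(SAMPLE):
        print(f"{tag} {where}: {masked}")
```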