Hi Andreas This should possible with only changes in VFS transport. But after 8 or 7 in this month , I will not available until 28th . I will move document to some visible place.
Thanks Inidka On Fri, Apr 3, 2009 at 12:24 AM, Andreas Veithen <[email protected]> wrote: > I agree that it should be possible to use all Synapse features without > having to store cleartext passwords in the config files (and without > having them appear in log files). > > Just some random ideas about this topic: > > * Indika implemented a mechanism for exactly this, but for the moment > this is limited to data sources. There is some documentation about > this feature, but it is somewhat hidden in the Sample Setup guide. We > should have this documentation in a more prominent place. Maybe as a > subsection in the new Deployment guide? > > * As an alternative to usernames and passwords encoded in URLs, > Commons VFS supports authentication by passing a > org.apache.commons.vfs.UserAuthenticator object to the file system > provider. Maybe we should define a property in the message context to > allow to pass such an object to the transport. Alternatively we could > write an adapter so that we can handle e.g. HTTPS and VFS > authentication in the same way. > > * We should then have a mediator that builds the UserAuthenticator > using the password encryption mechanisms implemented by Indika. > > Any thoughts? > > Andreas > > On Thu, Apr 2, 2009 at 00:34, Kim Horn <[email protected]> wrote: >> It may, we are given simple text passwords by systems we have to >> interface too. FTP is still the largest B2B mechanism in the US :-). We >> cannot ask them to supply us anything else but a simple >> username/password; this is the reality of B2B. The only issue we have >> is that these are not kept in clear text in script files. In our domain >> this is illegal and in all other domains bad practise. So all we >> require is to be able to have these encrypted in any script files. I >> think this Jira suggests a stronger mechanism, sharing keys between SFTP >> servers, but is totally impractical in real world B2B. >> >> >> Kim >> >> -----Original Message----- >> From: Asankha Perera [mailto:[email protected]] On Behalf Of >> Asankha C. Perera >> Sent: Thursday, 2 April 2009 3:48 AM >> To: [email protected] >> Subject: Re: Can VFS SFTP Passwords be encrypted >> >> Hi Jay / Kim >>> A suggestion. SFTP can use PKI shared keys for authentication. The >> keys are host+user specific. >>> >>> I am not familiar enough with Synapse to know exactly how you'd go >> about it, but I do suggest that the answer lies in using PKI. >>> >> I guess https://issues.apache.org/jira/browse/SYNAPSE-507 is a proper >> solution for this.. and possibly we could already tweak VFS to do this.. >> >> cheers >> asankhaa >> >> -- >> Asankha C. Perera >> AdroitLogic, http://adroitlogic.org >> >> http://esbmagic.blogspot.com >> >> >> >> >> >
