Proposal to make Mediators more flexible

[Kim Horn <ki...@icsglobal.net>]

No the main point is that "parameters" should be like variables, open to
being set by the program, rather than being fixed as text only in a
Synapse Script. This is a general problem with Synapse language. Below
suggest a new way to set up Mediators that makes Synapse more flexible
and a General password container solution for Synapse.

Re your specific point:
In most B2B cases in our industry today, SFTP is set by external
partners that can only give you a username and password.
So we have to use this mechanism; using keys would not be feasible.

Passwords exposed as text is also a serious security fault with the
synapse database stuff too. 
<pool>
        <driver>org.apache.derby.jdbc.ClientDriver</driver>
        <url>jdbc:derby://localhost:1527/synapsedb;create=false</url>
        <user>synapse</user>
        <password>synapse</password>
</pool>

For example, In OpenESB using the database and SFTP components a
password is hidden by "*****" when entered; I am suggesting a similar
thing; but in the synapse script the text for the password is an
encrypted one.

The above synapse code for <pool> introduces a yet another language
mechanism; why do some mediators have "parameters", some "properties"
and others just random "tags".  Seems like the Synapse "language" is out
of control. All of these should be open to being set by the script.
Solution suggested below.

Our solution now is to place all the VFS stuff and all Data base stuff
in Java Class Mediators, where the passwords can be encrypted; As the
Synapse mediators are not open to script manipulation. However this
defeats the purpose of Synapse; as we are now just writing a big Java
program held together with a few lines of Synapse script that make no
sense at all. 

Seems to me, writing an FTP to Web Service mediator for a "real" world
application is way beyond Synapse at the moment.

A General Proposal is that All passwords for use anywhere in Synapse can
be stored somewhere (registry ?) where they are
Encrypted and then Synapse knows how to decrypt them (a configured seed)
then inject them into the particular mediator service; The services
should include:
- SFTP
- database
- filesystem
- java code
- WS-Security
- In Soap Message
- In Transport Header

Currently we do this for WS-security and Transport using a custom class
mediators; that injects the decrypted password; but the mechanisms, in
Synapse, are not in place for the others and for VFS there is no Payload
to enter the username. So for these you see:

   <property name="Username" value="kim"/>
    <property name="Password" value="JZVmXIledfq9jBmwFZb0Aw=="/>
    <class name="net.icsglobal.thelma.synapse.ThelmaWebAuth"/>

- to do basic auth in Transport

OR
    <class name="net.icsglobal.thelma.synapse.ThelmaWSSAuth"/>

- to do WS-Security

An alternative idea for SFTP / VFS is to introduce the concept of a
"payload" or XML property that is configured prior to polling the SFTP
server. The payload is an XML message containing all Parameters for SFTP
via VFS. In this way the payload can be mediated and changed by scripts
prior to calling VFS.... In this way an encrypted password can be
injected via a class mediator.

A more general solution is that every mediator has an XML property added
to the messageContext for its control.
Each mediator can be called using its XML element (property) that is
open to program manipulation just like any other part of the
messageContext. So for VFS have all of this in a property, a piece of
data:

<VFSMediatorParameters>
    <mediatorID>KimsVFS-1</mediatorID>
    <transport>SFTP</ transport>
    <contentType>text/plain</contentType >
    <fileNamePattern">.*837</ fileNamePattern >
    <pollInterval>15</pollInterval>
    <username>kim</username>
    <password>fgfuASFDf124dj</password>
</VFSParameters>

The ID=KimsVFS-1 maps the xml data to the synapse script; like the use
of keys.

So could call VFS like:

<proxy name="getSFTPData from Fred" type="VFS" key="KimsVFS-1">

The above <VFSMediatorParameters> are set up prior to call and added to
messageContext.

This solution removes the many different and weird language elements in
synapse for setting up mediators; Just have one; an XML structure in a
property of the messageContext. This makes Synapse massively more
flexible. The current approach with many parameters, properties and tags
could just map these to an XML structure above if users wanted to do it
the current way.


Kim



-----Original Message-----
From: Jaeger, Jay - DOT [mailto:Jay.Jaeger@dot.wi.gov] 
Sent: Thursday, 2 April 2009 12:55 AM
To: 'user@synapse.apache.org'
Subject: RE: Can VFS SFTP Passwords be encrypted

A suggestion.  SFTP can use PKI shared keys for authentication.  The
keys are host+user specific.

I am not familiar enough with Synapse to know exactly how you'd go about
it, but I do suggest that the answer lies in using PKI.

JRJ

-----Original Message-----
From: kimhorn [mailto:kim.horn@icsglobal.net]
Sent: Wednesday, April 01, 2009 2:31 AM
To: user@synapse.apache.org
Subject: Can VFS SFTP Passwords be encrypted



For security no applications, specially scripts, should have passwords
kept
in clear text. Currently we encrypt all passwords in Synapse.xml files
and
use a Java Class Mediator to decrypt them and to place them in the SOAP
or
message context Transport.

However STFP and VFS Proxy and endpoint pose a problem and I cannot see
how
they can be used
without exposing the password in clear text:

  <proxy name="StockQuoteProxy" transports="vfs">
          <parameter
name="transport.vfs.FileURI">vfs:sftp://myusername:mypassword@somehost/h
ome/download?vfs.passive=true</parameter>
  .............
</proxy>


<send>
   <endpoint>
      <address
uri="vfs:sftp://myusername:mypassword@somehost/home/upload?vfs.passive=t
rue"/>
   </endpoint>
</send>


This suggests many problems with VFS:
- How can an encrypted password alone be used and unencrypted .
- If not the password then encrypt the whole parameter 'name' How can
the
VFS proxy parameter name be set from a property, or registry entry.
- Where then can Java can be used to decrypt it.
- How could the property be set prior to Proxy invocation ? ( a start up
script approach is required. task ?). Maybe like the DataBase info VFS
stuff
can be placed in start up properties file.

Any suggestions to make the synapse secure ?


Thanks
Kim



--
View this message in context:
http://www.nabble.com/Can-VFS-SFTP-Passwords-be-encrypted-tp22821249p228
21249.html
Sent from the Synapse - User mailing list archive at Nabble.com.