You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@manifoldcf.apache.org by "Karl Wright (JIRA)" <ji...@apache.org> on 2012/09/06 15:57:07 UTC

[jira] [Comment Edited] (CONNECTORS-486) Optionally encrypt the file which the crawler configuration is exported to

    [ https://issues.apache.org/jira/browse/CONNECTORS-486?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13449683#comment-13449683 ] 

Karl Wright edited comment on CONNECTORS-486 at 9/7/12 12:55 AM:
-----------------------------------------------------------------

Seems reasonable to me.
Obviously if a passcode is entered and there is no salt value, the error message should be good enough to help the user understand what they need to do to fix the problem, correct?  Or will you provide a default value for the salt value, which is less secure but easier on the casual user?


                
      was (Author: kwright@metacarta.com):
    Seems reasonable to me.
Obviously if a passcode is entered and there is no salt value, the error message should be good enough to help the user understand what they need to do to fix the problem, correct?

                  
> Optionally encrypt the file which the crawler configuration is exported to
> --------------------------------------------------------------------------
>
>                 Key: CONNECTORS-486
>                 URL: https://issues.apache.org/jira/browse/CONNECTORS-486
>             Project: ManifoldCF
>          Issue Type: Improvement
>          Components: Framework agents process
>            Reporter: Erlend GarĂ¥sen
>            Assignee: Erlend GarĂ¥sen
>            Priority: Minor
>             Fix For: ManifoldCF 0.7
>
>
> The "org.apache.manifoldcf.crawler.ExportConfiguration" command class is exporting passwords, for instance to the configured Solr server (Solr Output Connector). This may be a security problem if the export file is version-controlled or placed on a public server.
> We should add an extra "no password" argument to the command class in order to skip such passwords.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira