You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@jspwiki.apache.org by Jürgen Weber <ju...@jwi.de> on 2014/08/02 11:49:38 UTC

EncryptingFileProvider

Hi JSPWiki Devs,

I wonder if it might make sense to write an encrypting Fileprovider.

This might be useful you run your wiki installation with a provider you
cannot trust, whose technicans could look at your filesystem.

SSL builds encryption between user's browser and the Wiki-VM, storage could
be encrypted, too.

Accessing the memory (and unencrypted pages) of the running machine should
be difficult, I guess.

As for encryption passwords, how would one set them on session
initialization? Take the user password? This would not work for container
authorization.

Start a form immediately after login?

What do you think?

Greetings, Juergen

Re: EncryptingFileProvider

Posted by Jürgen Weber <ju...@jwi.de>.

Just found out, that there is already an old Jira:
https://issues.apache.org/jira/browse/JSPWIKI-205

We should have a look at it, it already has attached sources.

Juergen

Re: EncryptingFileProvider

Posted by Juan Pablo Santos Rodríguez <ju...@gmail.com>.

Hi Juergen,

I think it would be a nice to have option, mind opening a JIRA ticket so
this doesn't get lost? A possible use case could be wiki on a stick, where
you won't mind having the public pages stored on clear text, but perhaps
the private ones are safer encrypted.

As for the encryption passwords, I'd rather use a custom property on
jspwiki.property rather than the user's password. A user could change his
password, his account could be deleted, and then we won't be able to take
the page content back.. WDYT?

On Sat, Aug 2, 2014 at 11:49 AM, Jürgen Weber <ju...@jwi.de> wrote:

> Hi JSPWiki Devs,
>
> I wonder if it might make sense to write an encrypting Fileprovider.
>
> This might be useful you run your wiki installation with a provider you
> cannot trust, whose technicans could look at your filesystem.
>
> SSL builds encryption between user's browser and the Wiki-VM, storage could
> be encrypted, too.
>
> Accessing the memory (and unencrypted pages) of the running machine should
> be difficult, I guess.
>
> As for encryption passwords, how would one set them on session
> initialization? Take the user password? This would not work for container
> authorization.
>
> Start a form immediately after login?
>
> What do you think?
>
> Greetings, Juergen
>