You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@jspwiki.apache.org by Jürgen Weber <ju...@jwi.de> on 2014/08/02 11:49:38 UTC
EncryptingFileProvider
Hi JSPWiki Devs,
I wonder if it might make sense to write an encrypting Fileprovider.
This might be useful you run your wiki installation with a provider you
cannot trust, whose technicans could look at your filesystem.
SSL builds encryption between user's browser and the Wiki-VM, storage could
be encrypted, too.
Accessing the memory (and unencrypted pages) of the running machine should
be difficult, I guess.
As for encryption passwords, how would one set them on session
initialization? Take the user password? This would not work for container
authorization.
Start a form immediately after login?
What do you think?
Greetings, Juergen
Re: EncryptingFileProvider
Posted by Jürgen Weber <ju...@jwi.de>.
Just found out, that there is already an old Jira:
https://issues.apache.org/jira/browse/JSPWIKI-205
We should have a look at it, it already has attached sources.
Juergen
Re: EncryptingFileProvider
Posted by Juan Pablo Santos Rodríguez <ju...@gmail.com>.
Hi Juergen,
I think it would be a nice to have option, mind opening a JIRA ticket so
this doesn't get lost? A possible use case could be wiki on a stick, where
you won't mind having the public pages stored on clear text, but perhaps
the private ones are safer encrypted.
As for the encryption passwords, I'd rather use a custom property on
jspwiki.property rather than the user's password. A user could change his
password, his account could be deleted, and then we won't be able to take
the page content back.. WDYT?
On Sat, Aug 2, 2014 at 11:49 AM, Jürgen Weber <ju...@jwi.de> wrote:
> Hi JSPWiki Devs,
>
> I wonder if it might make sense to write an encrypting Fileprovider.
>
> This might be useful you run your wiki installation with a provider you
> cannot trust, whose technicans could look at your filesystem.
>
> SSL builds encryption between user's browser and the Wiki-VM, storage could
> be encrypted, too.
>
> Accessing the memory (and unencrypted pages) of the running machine should
> be difficult, I guess.
>
> As for encryption passwords, how would one set them on session
> initialization? Take the user password? This would not work for container
> authorization.
>
> Start a form immediately after login?
>
> What do you think?
>
> Greetings, Juergen
>