Re: Re: Encrypted JDBC Connection Settings

From: Michael Gentry (blacknex..mail.com)
Date: Wed Aug 30 2006 - 12:07:04 EDT


    I meant to open a Jira issue, but forgot. I'll do that shortly and
    attach a screenshot.

    External file storage for the password is pretty important. One of
    the new rules for us is no passwords (encrypted or plain text) can be
    checked into the repository. Since model files are checked in, the
    password needs to be externally stored.

    I'll look at the <property> tags. I haven't started writing the new
    Java classes yet, so I'm not sure which is better. Will probably
    depend on the modeler changes.

    The problem with maintaining a patched 1.2 is there is a rule against
    making changes to open source software and deploying it. If we are
    approved to use 1.2, it has to be the 1.2 that can be downloaded. I
    might be able to swing a waiver or something on this, though. I
    totally understand you not wanting new features added to 1.2 (or 2.0).
    I'm just trying to fit things into the new rules here.

    Thanks!

    /dev/mrg

    On 8/30/06, Andrus Adamchik <andru..bjectstyle.org> wrote:
    >
    > On Aug 30, 2006, at 7:12 PM, Michael Gentry wrote:
    > > The only encryption I'll include with Cayenne is ROT13,
    > > which is incredibly weak and anyone can encode/decode with:
    > >
    > > tr "[a-m][n-z][A-M][N-Z]" "[n-z][a-m][N-Z][A-M]" < filename
    > >
    > > ROT13 will basically serve as an example for anyone wanting to
    > > implement something stronger. Now to the technical stuff ...
    >
    > That's pretty cool, I like that :-)
    >
    >
    > > Since I don't
    > > think I can send attachments to the list, please send me an e-mail if
    > > you'd like to see what the new pane will look like and I'll send you a
    > > PNG of the current mockup.
    >
    > You can upload screenshots to Wiki or Jira. Having a jira issue to
    > track the new feature is a good idea anyways.
    >
    >
    > > In a nutshell, you will be able to choose
    > > the password format (Plain Text, ROT13, User Defined ...), storage
    > > location (Model, External File), and an optional data string (such as
    > > a key) to be used by the encryption algorithm you supply (ROT13 and
    > > Plain Text will ignore the data string).
    >
    > Do you think external file storage is important to have?
    >
    >
    > > XML changes:
    > >
    > > The DataNode XML file will need to have the <login/> element extended
    > > to support the encryption algorithm class, data string (key), and
    > > password location.
    >
    > Maybe just use <property> tags for all extra stuff? That's how
    > extensions are configured in cayenne.xml and *.map.xml at the moment.
    >
    >
    > > Andrus: What are your feelings about adding this to 1.2? We have to
    > > get software approved and since 2.0 isn't out yet (and is a clone of
    > > 1.2, anyway) and 3.0 is a development cut, 1.2 is the most politically
    > > correct one at the moment ...
    >
    > Sounds fine. One note - since we are not releasing new features in
    > 1.2 anymore, you'll probably have to maintain the patched version of
    > 1.2 on your own (or create a new branch in SVN). Just keep a log of
    > all the progress in Jira, so that we can propagate it straight to
    > 3.0 once it is done.
    >
    > Will this work for you? (That's how Mike K. is handling his patches).
    > I am very reluctant to open 1.2 to any *official* new development.
    >
    > Andrus
    >
    > P.S. We are very close to releasing 2.0, but that's a stable branch
    > as well :-)
    >
    >
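
The design discussed in this message (a selectable password format, a storage location of either the model or an external file, and an optional data string handed to the algorithm) can be sketched as follows. This is an added example, not code from the original post or from Cayenne; `PasswordCodec`, `resolve` and every other name in it are hypothetical, and the temporary file stands in for a password file kept outside the repository.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;

// Hypothetical names throughout; this is not Cayenne's API.
public class PasswordSourceDemo {
    /** Pluggable format: every codec receives the optional data string (key). */
    interface PasswordCodec {
        String decode(String stored, String key);
    }

    /** Plain text: the stored value is the password; the key is ignored. */
    static final PasswordCodec PLAIN = (stored, key) -> stored;

    /** ROT13: obfuscation only, self-inverse; the key is ignored. */
    static final PasswordCodec ROT13 = (stored, key) -> {
        StringBuilder out = new StringBuilder(stored.length());
        for (char c : stored.toCharArray()) {
            if (c >= 'a' && c <= 'z') c = (char) ('a' + (c - 'a' + 13) % 26);
            else if (c >= 'A' && c <= 'Z') c = (char) ('A' + (c - 'A' + 13) % 26);
            out.append(c);
        }
        return out.toString();
    };

    /** Storage location: read the external file when one is given, else use the model value. */
    static String resolve(PasswordCodec codec, String modelValue, Path externalFile, String key)
            throws IOException {
        String stored = modelValue;
        if (externalFile != null) {
            stored = new String(Files.readAllBytes(externalFile), StandardCharsets.UTF_8).trim();
        }
        if (stored == null || stored.isEmpty()) throw new IllegalStateException("no password configured");
        return codec.decode(stored, key);
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: a temp file plays the role of the externally stored password.
        Path secret = Files.createTempFile("db-password", ".txt");
        try {
            Files.write(secret, "Frperg123\n".getBytes(StandardCharsets.UTF_8));
            System.out.println(resolve(ROT13, null, secret, null));
            System.out.println(resolve(PLAIN, "in-model", null, null));
        } finally {
            Files.delete(secret);
        }
    }
}
```

A stronger user-defined codec would implement the same interface and actually use the `key` argument; with ROT13 the external file is the only thing keeping the password out of the repository.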


