Re: Re: Re: Re: Encrypted JDBC Connection Settings

From: Michael Gentry (blacknex..mail.com)
Date: Mon Sep 11 2006 - 11:07:30 EDT

Next message: Dave Dombrosky (JIRA): "[JIRA] Created: (CAY-652) Exception with Tomcat's session restore capability"

Previous message: Neil Pierson (JIRA): "[JIRA] Created: (CAY-651) Add convenience method to create missing DB_PATH expressions where there is a corresponding OBJ_PATH expression"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

OK, I'm including legal-discuss in this thread. If someone from
legal-discuss could look over the issues/changes proposed in the
thread below and reply, I would appreciate it. I have looked over:

http://www.apache.org/dev/crypto.html

The details on the proposed additions can be found in this thread
(this is in the middle, but it is where the start of the real details
appears):

http://mail-archives.apache.org/mod_mbox/incubator-cayenne-dev/200608.mbox/%3cf65b8ae30608300812p4c2966dal79bed3730994e24..ail.gmail.com%3e

Tiny URL of above if the link gets broken: http://tinyurl.com/gsrr5

Thanks very much in advance. Also, please include the Cayenne list
(reply-all) on any replies since I'm not subscribed to legal-discuss.

Thanks again!

/dev/mrg

On 8/31/06, Mike Kienenberger <mkienen..mail.com> wrote:
> Michael,
>
> Maybe you could ask on legal-discus..pache.org and see what comes of it.
>
> I think you're right in that there's a certain minimum level of
> complexity required in the encryption algorithm before it qualifies.
>
> Note that the "'specially designed' to use" part only applies to other
> controlled encryption products.
>
> On 8/30/06, Michael Gentry <blacknex..mail.com> wrote:
> > What if you aren't using Java encryption APIs? The only thing I plan
> > to add is modeler conveniences such that you can create your own
> > encryption facilities. (Someone can already write this for
> > themselves, too.) I'm not planning on checking in actual encryption
> > code (I can't imagine ROT13 would be considered encryption these
> > days). I thought "product distributions that contain or are
> > 'specially designed' to use cryptography" meant Cayenne as shipped
> > would be actively using encryption as part of its operation (such as
> > requiring OpenSSL for something). Of course, I'm not a lawyer ...
> >
> > Thanks,
> >
> > /dev/mrg
> >
> >
> > On 8/30/06, Mike Kienenberger <mkienen..mail.com> wrote:
> > > On 8/30/06, Michael Gentry <blacknex..mail.com> wrote:
> > > > Thanks for the link, Jean. I'm about ready to get started on adding
> > > > this feature. The only encryption I'll include with Cayenne in ROT13,
> > > > which is incredibly weak and anyone can encode/decode with:
> > >
> > > From my understanding, providing the ability to use encryption is
> > > sufficient grounds to require registration. I'm pretty sure that for
> > > MyFaces we need to register simply because we use the Java encryption
> > > apis.
> > >
> >
>

Next message: Dave Dombrosky (JIRA): "[JIRA] Created: (CAY-652) Exception with Tomcat's session restore capability"
Previous message: Neil Pierson (JIRA): "[JIRA] Created: (CAY-651) Add convenience method to create missing DB_PATH expressions where there is a corresponding OBJ_PATH expression"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2.0.0 : Mon Sep 11 2006 - 11:07:54 EDT