2 Replies Latest reply on Mar 21, 2009 10:15 AM by Anil Saldanha

    Password masking at the MC level

    Anil Saldanha Master

      I want to just place some of my thoughts here for future reference.

      Scott had broached the topic of some aspects to encrypt/decrypt bean properties which is on our TODO list.

      I also want to handle the issue of password masking (or any other sensitive bean properties) using XML encryption. It would be simple to encrypt the secret key using PKI but it is not very simple to deal with the keystore stuff (keystore password etc). Assuming that we know how to do key management properly (such as encrypting the tomcat keystore password for example which sets the JSSE keystore properties or other means of dealing with keystore), we can certainly use XML encryption to encrypt xml elements of MC bean definitions.

      A writeup from me recently is here:
      http://jboss.org/community/docs/DOC-13383

      Apache XML Security is currently packaged in JBAS. It is pretty straight forward to write an utility to encrypt/decrypt xml elements (either based on the one I started in JBID or the one Jason wrote for WSS support in JBossWS).

      I have not given too much thought on how to do it at the MC level yet but will in the next few days. We do have the concept of SubjectFactory in AS5 which is being injected into JCA connection factories. Maybe a specific implementation of SubjectFactory that can handle xml encryption may be good.

      Just some of my thoughts.