Re: [stellation-res] Command line configuration specification

[Jim Wright - IBM Research <jwright@xxxxxxxxxxxxxx>]

At 03:45 PM 1/13/2003, Mark C. Chu-Carroll wrote:
> On Mon, 2003-01-13 at 15:23, Jonathan Gossage wrote:
> > > On Mon, 2003-01-13 at 14:42, Jonathan Gossage wrote:
> > > > > - I'm a bit skeptical about encrypting the database admin password.
> > The
> > > > >   question is, how do we encrypt it? I can't think of a way that 
> won't
> > > > >   be easy to reverse engineer and determine the password.
<snip>

I don't know if you want to go this route -- but Eclipse has what is 
claimed to be
a "cryptographically secure keyring facility" -- see
org.eclipse.core.runtime.Platform.addAuthorizationInfo and related methods
in the same class.    Since this is in core, it could be used by an 
Eclipse-based
Stellation CLI.   The main benefit would be that we don't have to roll our own
secure store.

This facility maps the tuple <URL serverUrl, String realm, String authScheme>
to a Map<String,String>, typically containing info such as usernames and 
passwords.

Of course, this doesn't address the issue of keeping the access tuple 
secure -- for
servers to start automatically, the access tuple must be
a) hard-coded,
b) stored in a server-local plugin config file or the like (which can be a bit
tricky to find, since it's buried in the Eclipse .metadata tree, but that
wouldn't stop anyone determined with root-level server access),
OR
c) acquired by the server in some mystical fashion (telephone?  metal 
telepathy?).

Sorry, I only know how to do a) or b) ....

- Jim


--
Jim Wright, IBM T.J. Watson Research Center
*** The Stellation project: Advanced SCM for Collaboration
*** http://www.eclipse.org/stellation
*** Work Email: jwright@xxxxxxxxxxxxxx ------- Personal Email: 
jim.wright@xxxxxxx