Re: [stellation-res] Command line configuration specification

["Jonathan Gossage" <jonathan@xxxxxxxxxxxxxx>]

----- Original Message -----
From: "Jim Wright - IBM Research" <jwright@xxxxxxxxxxxxxx>
To: <stellation-res@xxxxxxxxxxxxxxx>
Sent: Monday, January 13, 2003 4:08 PM
Subject: Re: [stellation-res] Command line configuration specification


> At 03:45 PM 1/13/2003, Mark C. Chu-Carroll wrote:
> >On Mon, 2003-01-13 at 15:23, Jonathan Gossage wrote:
> > > > On Mon, 2003-01-13 at 14:42, Jonathan Gossage wrote:
> > > > > > - I'm a bit skeptical about encrypting the database admin
password.
> > > The
> > > > > >   question is, how do we encrypt it? I can't think of a way that
> > won't
> > > > > >   be easy to reverse engineer and determine the password.
> <snip>
>
> I don't know if you want to go this route -- but Eclipse has what is
> claimed to be
> a "cryptographically secure keyring facility" -- see
> org.eclipse.core.runtime.Platform.addAuthorizationInfo and related methods
> in the same class.    Since this is in core, it could be used by an
> Eclipse-based
> Stellation CLI.   The main benefit would be that we don't have to roll our
own
> secure store.
>
> This facility maps the tuple <URL serverUrl, String realm, String
authScheme>
> to a Map<String,String>, typically containing info such as usernames and
> passwords.
>
> Of course, this doesn't address the issue of keeping the access tuple
> secure -- for
> servers to start automatically, the access tuple must be
> a) hard-coded,
> b) stored in a server-local plugin config file or the like (which can be a
bit
> tricky to find, since it's buried in the Eclipse .metadata tree, but that
> wouldn't stop anyone determined with root-level server access),
> OR
> c) acquired by the server in some mystical fashion (telephone?  metal
> telepathy?).

You might have better luck with organic telepathy!

>
> Sorry, I only know how to do a) or b) ....
>
> - Jim
>

Regards

Jonathan