Re: PasswordTextField encryption - integrating Jasypt


Re: PasswordTextField encryption - integrating Jasypt

by dfernandez

Hello,

About this topic, I am the founder of a project called Jasypt (Java
Simplified Encryption) [http://www.jasypt.org], which is aimed at easily
adding robust encryption capabilities to Java applications, be it password
digesting or two-way text, binary, or number encryption (based on any JCE
provider).

I am still relatively new to Wicket (although I really, really like what I
am learning :-)), and I am interested in developing some kind of Wicket -
jasypt integration so that Wicket applications can easily benefit from
jasypt-based password encryption with little effort.

This could be easily done by creating a wrapper for jasypt's
PasswordEncryptor or StringDigester implementations, and making the wrapper
itself implement Wicket's ICrypt interface. Jasypt already performs Base64
encoding "out of the box" as required by Wicket 1.2.

I would be happy to develop this integration for the next version of jasypt,
unless you prefer to integrate jasypt directly into the ICrypt
infrastructure of wicket (by providing something like a "StrongCrypt"
implementation based on a digest algorithm stronger than PBEWithMD5AndDES),
which would also be alright for me. What do you think? Did you already have
any plans for improving this encryption infrastructure for Wicket 2.0?

As further info, about user password encryption:
http://www.jasypt.org/howtoencryptuserpasswords.html

Regards,
Daniel.




On 7/19/07, Martijn Dashorst <martijn.dashorst@...> wrote:

>
> It is configurable: don't use PasswordTextField but TextField instead.
>
> The reason behind PTF's encryption is that we want to provide a secure
> solution out-of-the-box. You can circumvent it, but then *you* need to
> open up Pandora's box, not us. Same with escaping markup while
> outputting model values: the default is safe.
>
> Martijn
>
> On 7/19/07, David Rosenstrauch <darose@...> wrote:
> > Just wondering: anyone know what's the reason behind 1) making
> > PasswordTextFields automatically encrypt their contents by default,
> > and 2) making this not configurable?
> >
> > I lost several hours debugging tonight till I finally pinpointed this as
> > the cause of my bug.
> >
> > TIA,
> >
> > DR
> >
> >
> > _______________________________________________
> > Wicket-user mailing list
> > Wicket-user@...
> > https://lists.sourceforge.net/lists/listinfo/wicket-user
> >
>
>
> --
> Wicket joins the Apache Software Foundation as Apache Wicket
> Apache Wicket 1.3.0-beta2 is released
> Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.3.0-beta2/
>

Re: PasswordTextField encryption - integrating Jasypt

by Eelco Hillenius

> About this topic, I am the founder of a project called Jasypt (Java
> Simplified Encryption) [http://www.jasypt.org], which is aimed at easily
> adding robust encryption capabilities to Java applications, be it password
> digesting or two-way text, binary, or number encryption (based on any JCE
> provider).
>
> I am still relatively new to Wicket (although I really, really like what I
> am learning :-)), and I am interested in developing some kind of Wicket -
> jasypt integration so that Wicket applications can easily benefit from
> jasypt-based password encryption with little effort.
>
> This could be easily done by creating a wrapper for jasypt's
> PasswordEncryptor or StringDigester implementations, and making the wrapper
> itself implement Wicket's ICrypt interface. Jasypt already performs Base64
> encoding "out of the box" as required by Wicket 1.2.
>
> I would be happy to develop this integration for the next version of jasypt,
> unless you prefer to integrate jasypt directly into the ICrypt
> infrastructure of wicket (by providing something like a "StrongCrypt"
> implementation based on a digest algorithm stronger than PBEWithMD5AndDES),
> which would also be alright for me. What do you think?

Either way could work. It's good we have compatible licenses to start
with. For the rest... having it as an add-on for jasypt is cool, but
you can also start a wicket-stuff project for this. Whatever works
best for you. And don't forget to advertise on the WIKI :)

> Did you already have
> any plans for improving this encryption infrastructure for Wicket 2.0?

Not really atm, but suggestions are always welcome.

Cheers,

Eelco

_______________________________________________
IMPORTANT NOTICE:

This mailing list is shutting down. Please subscribe to the Apache Wicket user list. Send a message to: "users-subscribe at wicket.apache.org" and follow the instructions.