[Esapi-user] store encyrptor.masterkey encrypted

chrisisbeef at gmail.com chrisisbeef at gmail.com
Fri Jan 29 15:14:13 EST 2010


Hi Yi Li -

Which version of the ESAPI are you working with?

On Fri, Jan 29, 2010 at 11:48 AM, Yi Li <yi.li26 at gmail.com> wrote:
greetings, all:
    will appreciate if anyone could provide insight here.
    I would like to store the master encryption key (encryptor.masterkey) with some sort of protection, instead of keeping it clear text in the properities file even though i can place access control via the file system.
   i am thinking to either store the encryption key either in a database or in a flat file but encrypted (where to store the master's master key become another problem to solve).
   will appreciate if anyone could point me to an implementation that will support this or point me the way to write my own implementation to implement this.
  thanks in advance.

_______________________________________________
Esapi-user mailing list
Esapi-user at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/esapi-user



-- 
Chris Schmidt

OWASP ESAPI Developer
http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API

Check out OWASP ESAPI for Java
http://code.google.com/p/owasp-esapi-java/

OWASP ESAPI for JavaScript
http://code.google.com/p/owasp-esapi-js/

Yet Another Developers Blog
http://yet-another-dev.blogspot.com

Bio and Resume
http://www.digital-ritual.net/resume.html

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/esapi-user/attachments/20100129/7bbd6670/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 271 bytes
Desc: OpenPGP digital signature
Url : https://lists.owasp.org/pipermail/esapi-user/attachments/20100129/7bbd6670/attachment.bin 


More information about the Esapi-user mailing list