Use different encryption algorithm in BIRT webapp - security

I'm developing BIRT reports, which are deployed as a WEBAPP on Jetty.
Currently all the passwords in my Connection Provider Stores are Base64 'encrypted', but I'm wondering if and how I can use another encryption algorithm for my encrypted-properties.
<encrypted-property name="odaPassword" encryptionID="base64" value="......."/>
I've read something about Encryption Extension Points but I'm not sure if this concept also applies to BIRT webapps and how to implement this / where to put them.
Best regards,
Richard

Base 64 is an encoding method, not an encryption method. See https://stackoverflow.com/a/4070709/2782404. What are you currently using for encryption?
Have you seen this example of encryption extension point implementation for BIRT? http://www.informit.com/articles/article.aspx?p=1748986&seqNum=6
If so, the source code might be helpful for understanding your specific problem.

Related

Encrypt Data in Kafka?

My team is using Kafka; we need to add encryption for security compliance reasons so that data is encrypted before it is published to Kafka and is decrypted when an authorized consumer consumes it from Kafka. I see Kafka offers TLS security options, but that doesn't seem to address our needs. TLS secures communication, but internally, data is still stored unencrypted. With some searching I see KIP-317: End to end encryption (https://cwiki.apache.org/confluence/display/KAFKA/KIP-317%3A+Add+end-to-end+data+encryption+functionality+to+Apache+Kafka), which seems to address our use case, but that KIP seems like it stalled and never got finished.
One simple option is to add a simple custom encryption layer on top of the Kafka API. Programs publishing events to Kafka use an encryption library and encrypt the data before publishing events. Programs consuming events use an encryption library to decrypt messages consumed from Kafka. This would work and is simple.
Is there a better solution or a more standard solution?
As you suggested, the easiest and most straightforward way to solve this is by encrypting the message before sending it and decrypting it after you receive it at the application level, so instead of sending an object you are sending a blob.
For a more elegant and optimized approach I would go with a custom serde though. One of the advantages of Kafka is that the data is actually processed and manipulated in binary form, so you are already using a serde to convert to and from binary.
Now by writing a custom serde you should be able to get no overhead other than the obvious one required to encrypt/decrypt the bytes. Furthermore, going this way allows you to make the encryption completely transparent to the application. You could easily have an unencrypted dev environment while using the encrypted serde in production just by changing 2 lines in application.properties (or equivalent), no recompile required. Furthermore you can have a single person working on the serde while the rest of the team works on the software. When the serde is done, you just drop it in and you have encryption.
You could also try and check repositories like this and this. You might be able to use them as they are, fork them or at least get some inspiration.
Disclaimer: Never tested any of the 3 links I referenced in this answer but the principle behind them is sound.
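The "encrypting serde" idea from the answer above, as an added example that is not code from the poster or from any of the linked repositories. It assumes Go, AES-256-GCM from the standard library, a 32-byte key handed in by configuration (a KMS or secret store in practice), and a Serialize/Deserialize pair shaped like Kafka's Serializer/Deserializer interfaces; the topic name is bound as associated data so a record lifted from one topic is rejected on another.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// EncryptingSerde wraps the byte-level serde the application already uses
// (identity on []byte here) so producers and consumers keep seeing plaintext.
type EncryptingSerde struct {
	aead cipher.AEAD
}

// NewEncryptingSerde takes a 32-byte AES-256 key (assumed to come from config).
func NewEncryptingSerde(key []byte) (*EncryptingSerde, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &EncryptingSerde{aead: aead}, nil
}

// Serialize mirrors Serializer.serialize(topic, data). The record on the wire
// is nonce || ciphertext || GCM tag, with the topic name as associated data.
func (s *EncryptingSerde) Serialize(topic string, plaintext []byte) ([]byte, error) {
	nonce := make([]byte, s.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// Seal appends to nonce, so the nonce becomes the envelope prefix.
	return s.aead.Seal(nonce, nonce, plaintext, []byte(topic)), nil
}

// Deserialize mirrors Deserializer.deserialize(topic, data) and fails closed
// on truncated, tampered or cross-topic records.
func (s *EncryptingSerde) Deserialize(topic string, record []byte) ([]byte, error) {
	n := s.aead.NonceSize()
	if len(record) < n+s.aead.Overhead() {
		return nil, errors.New("record too short to be an encrypted envelope")
	}
	return s.aead.Open(nil, record[:n], record[n:], []byte(topic))
}
```

Switching between the plain serde in dev and this one in production is then only a matter of which type the producer/consumer configuration names, as the answer describes.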

Writing my own Authentication Backend

I'm developing a web app using Angular2 and Scala. And instead of using any big frameworks like Spring Security that do everything for you, I'm thinking of using just some libraries and writing the system myself.
I plan to use JWT libraries to authenticate requests. Use hashing libraries to encrypt password storage in db.
What other things do I need to consider to make my system secure? I think I also need to think about CSRF and XSS? What else?
Thanks a lot!!!

AFIncrementalStore with Parse

I am developing a social app on iOS that has many-to-many relations, local persistency, and user interaction. I have tried using the native Parse API in iOS and found it too cumbersome to do all the client-server logic. So my focus shifted to finding a syncing solution.
After some research I found AFIncrementalStore quite easy to use and it's highly integrated in CoreData. I just started to work on this and I have two questions to ask:
1) How to do the authentication process? Is it in AFRESTClient?
2) How to set up AFRESTClient to match Parse's REST API? (an example would be great!)
P.S. I also found FTASync, which seems to be another solution. Any thought on this framework?
Any general suggestion on client-server syncing solutions will be highly appreciated!
Thanks,
Lei Zhang
Back with iOS 5, Apple silently rolled out NSIncrementalStore to manage the connection between APIs and persistent stores. Because I couldn't word it better myself:
NSIncrementalStore is an abstract subclass of NSPersistentStore designed to "create persistent stores which load and save data incrementally, allowing for the management of large and/or shared datasets". And while that may not sound like much, consider that nearly all of the database adapters we rely on load incrementally from large, shared data stores. What we have here is a goddamned miracle.
Source: http://nshipster.com/nsincrementalstore/
That being said, I've been working on my own NSIncrementalStore (built specifically for Parse and utilizing the Parse iOS/OS X SDK) and you're welcome to check out/use/contribute to the project at https://github.com/sbonami/PFIncrementalStore.
Take a look at this StackOverflow question and at Chris Wagner's article on raywenderlich.com.
The linked SO question has examples for how to include the authentication token with each request to Parse. So you'll just need to have the user log in first, and store their token to include it with each subsequent request.
Chris Wagner's tutorial has a sample AFHTTPClient named SDAFParseApiClient to communicate with the Parse REST API. You'd have to adapt it to be an AFRESTClient subclass, but it should give you a start.
Some other thoughts between the two solutions you're considering:
AFIncrementalStore does not allow the user to make any changes without a network connection, while FTASync keeps a full Core Data SQLite store locally and syncs changes to the server when you tell it to.
FTASync requires you to make all your synched managed objects subclasses of FTASyncParent, with extra properties for sync metadata. AFIncrementalStore keeps its metadata behind the scenes, not in your model.
FTASync appears not to be widely used and hasn't been updated in over a year; if you use it you will likely be maintaining it.

Security For Firebird Database(s)

I am using Firebird server 2.50. As far as I know there is no way to encrypt a database in Firebird. So how do I secure the user data?
Manually encrypting all data before saving would cause trouble since I will not be able to use something like "starting with".
I use CentOS for the database servers. These servers are communicating with an application server which runs on Windows Server 2008.
Encryption is one of several protection measures which can be taken against potential adversaries. And there are other methods too. You need a common security analysis before you decide whether to encrypt or not, and if not, then what. You have to look at who the adversaries are, where they could hit, etc. Blind use of encryption may be a waste of resources/time/money/etc. Do the security analysis first.
DB encryption is possible in version 3:
With Firebird 3 comes the ability to encrypt data stored in a database. Not all of the database file is encrypted: just data, index and blob pages.
To make it possible to encrypt a database you need to obtain or write a database crypt plug-in.
Refer to Firebird-3.0.0_Alpha1-ReleaseNotes for details.

What are the options for protecting declarative (e.g. XML/SQLite) data in a MonoTouch application?

I'm creating a MonoTouch app that has some declarative business logic that the client doesn't want to be easily retrieved. Obviously, there's the usual argument that nothing in software can ever be protected, but the client would prefer that it not be trivially easy to do.
I could encode the logic as C#, but it's cleaner if I could have it as an XML document or SQLite database (or other).
Is there a way of having an XML document or SQLite database embedded into the compiled code?
Failing that, has anyone tried encrypting XML files or SQLite databases (or another declarative technology) in MonoTouch apps and can point me in the right direction? I'm guessing it might be straightforward to decrypt an XML file, but it wouldn't surprise me if there's a "gotcha" with doing this on the iPhone.
I've done this recently with an application that uses XmlSerialization. I used Rijndael (this one) to encrypt the data, which is saved to disk. Obviously the key is still visible in the binary for the most dedicated intruder, but for most it makes it difficult to casually view the XML.
In your case, you could do this and then add the XML file as an embedded resource. I'm not sure how MonoTouch implements embedded resources, but they're fast to load.