Obfuscation support

Question

Obfuscation support

Closed this issue 10 years ago · 3 comments

It is often necessary to store passwords in configuration files. It would be useful to be able to obfuscate and/or encrypt these passwords so they don't appear in plain text when reading from/writing to configuration.

For example,

@Obfuscated
String getPassword()

might expect to read/write a Base64 (or other) encoded password from a file, but return the plain text password in Java. For slightly better security, one might want to encrypt them, e.g.

@Encrypted({key = passwordKey})
String getPassword()

where passwordKey is a byte[] buried somewhere in the code. Not entirely foolproof, but probably better than a simple
password=Joshua

Answer 1 · 2014-06-29T08:51:13.000Z

This would need to be honoured for the round-trip to XML and Properties instances too

Answer 2 · 2014-06-29T13:55:04.000Z

Another way to implement this may be to provide the name of a class that implements an interface that will simply transform the value to and from the serialised form.

Answer 3 · 2014-12-30T10:55:44.000Z

Might be able to tie this in with Issue #15 (Custom Types) by allowing a custom class with a fromString(encrypted) and toString()