Encryption of Global Properties Richard McKnight Principal Consultant at Alfresco.


2 Encryption of Global Properties Richard McKnight Principal Consultant at Alfresco

3 What we will cover
- Why encrypt global properties?
- A look at the technical implementation details.
- How to configure it.
- Where to get it.

4 Why Encrypt
- The biggest threat to data security comes from within
- Many organizations have policies to limit access to critical data and content sources

5 How Do Encrypted Properties Protect Data
- Limit access to back end components.
- Remember that the Alfresco repository has the following components:
  - Metadata, which lives in the database
  - Content, which lives in the file system
  - Search indexes, which also live on the file system

6 How Do Encrypted Properties Protect Data
A rogue employee with R/W access to both the database and the file system could:
- Gain access to restricted content.
- Modify the state of the repository.
- Bypass auditing when doing all of the above without being detected

7 How Do Encrypted Properties Protect Data
- Without access to all the back end components, all access and updates to content must go through the Alfresco repository server
- Access through the repository server will trigger auditing
- Many organizations do not let developers access production systems.

8 Who Asks for this?
Organizations that typically ask for this are:
- Government Agencies
- Financial Institutions
- Health Care Organizations
This is useful for any organization that must safeguard sensitive information.

9 How We Did it
- Jasypt (Java Simplified Encryption) Library
- Public key to encrypt the sensitive properties
- Private key to decrypt the sensitive properties
- Encrypted properties exposed via an extension of PropertyPlaceholderConfigurer

10 Configuration Tools
- Public/private key generation utility
- Property encryption utility
- Special properties file to include the encrypted property values.

11 Runtime Support
[Diagram. Labels: Repository Properties; Shared Properties; Property Placeholder Configurers; Global Properties]

12 Runtime Support
[Diagram. Labels: Repository Properties; Shared Properties; Encrypted Properties; Property Placeholder Configurers; Public Private Key Encryptor; Private Key; Global Properties]

13 We Do Not Use the Keystore
- The location of the keystore is defined in the properties files
- This information is not available at the time that access to the private key is needed.
- The private key is located in a specific location under $ALFRESCO_HOME

14 How to Configure it
- Generate the Public and Private Keys
- Protect the Private Key
- Generate the encrypted values for your sensitive properties
- Add these properties to the encrypted properties files
- Use the properties in alfresco-global.properties

15 Process
[Diagram. Labels: Key Generation; Public Key; Plain text property; Encryption; Private Key; Encrypted Property; chmod; Encrypted Properties File; Global Properties File; Create Encrypted Properties File; Use Encrypted Properties]


18 Sample alfresco-encrypted.properties

    db.password.enc=ENC(QcAf1Lr81meuP2p6Lu9ZQqFY1AsCfoWd)


20 Sample alfresco-global.properties

    db.password=${db.password.enc}
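
A deployment check for the layout in the configuration slides, added here as an example (not Alfresco's code or part of the original deck): it confirms that sensitive entries in the global properties only reference placeholders, that those placeholders resolve to `ENC(...)` values in the encrypted properties file, and that the private key file is owner-only. The key-name heuristic, the `audit` and `load_properties` names, and the sample inputs are assumptions made for illustration.

```python
import re
import stat

ENC_VALUE = re.compile(r"^ENC\(.+\)$")            # Jasypt-style wrapped ciphertext
PLACEHOLDER = re.compile(r"^\$\{([^}]+)\}$")      # ${some.property} reference
SENSITIVE = re.compile(r"password|passphrase|secret", re.I)  # assumed heuristic

# Constructed sample inputs, modelled on the two sample slides.
SAMPLE_ENCRYPTED = "db.password.enc=ENC(QcAf1Lr81meuP2p6Lu9ZQqFY1AsCfoWd)\n"
SAMPLE_GLOBAL = "db.username=alfresco\ndb.password=${db.password.enc}\n"


def load_properties(text):
    """Parse simple key=value lines; skip blanks and # or ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props


def audit(global_text, encrypted_text, key_mode):
    """Return findings; an empty list means the layout matches the slides."""
    findings = []
    enc_props = load_properties(encrypted_text)
    for key, value in enc_props.items():
        if not ENC_VALUE.match(value):
            findings.append(f"{key}: value in encrypted file is not ENC(...)")
    for key, value in load_properties(global_text).items():
        if not SENSITIVE.search(key):
            continue
        ref = PLACEHOLDER.match(value)
        if ref is None:
            findings.append(f"{key}: plaintext value in global properties")
        elif ref.group(1) not in enc_props:
            findings.append(f"{key}: ${{{ref.group(1)}}} is not defined")
    # key_mode comes from stat.S_IMODE(os.stat(private_key_path).st_mode)
    if key_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"private key mode {key_mode:o} is not owner-only")
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE_GLOBAL, SAMPLE_ENCRYPTED, 0o600))  # constructed good case
```
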

21 How Can I Get This? This will be part of Alfresco Version 5-0

22 What if I Can’t Wait? Please consult support regarding availability of a 4.x version of this.

23 Thank You!
Rich McKnight
richard.mcknight@alfresco.com
Twitter: @rmknightstar
http://www.oldschooltechie.com
http://pinterest.com/rmknightstar/alfresco-software-tech-tips

