You could easily extend the PasswordClass to use a encryption key. You add a field in PasswordMetaClass to tell it which encryption key to use from the xwiki.cfg class Then you use the same code as the authentication system to encrypt/decrypt (there are already somes keys in xwiki.cfg for that, so there has to be code). Ludovic jeremi joslin a écrit :
On 3/29/06, Robin Fernandes <[email protected]> wrote:
Hi,
I'd like to allow users to access the a web services from XWiki documents via a plugin. However, the web service requires user-specific passwords. What is the best approach to deal with this?
One option is to add "Password Class" fields to the XWikiUsers class, and adapt the user template to allow users to set their password when they edit their page. The field's value is not displayed on the page, but the passwords are stored in the XWiki database in plain text, and the user's page is found if a wide search is ran on a substring of the password.
Could also add methods to the plugin that store passwords in the database after encrypting them with some private key; they'd then get decrypted within the plugin code before being sent to the web service. This isn't bad, but maybe you guys have better ideas! :)
If i have to do it, maybe I will do the first choice. The password can be searched, but cannot be viewed. it's like if someone try to login to the web service. If you have strong password it's not a big deal. But if you don't like this method, you can send the password to the plugin, encrypt it, and save it on the XWikiUsers class.
Jérémi -- Blog: http://www.jeremi.info LinkedIn: https://www.linkedin.com/profile?viewProfile=&key=1437724 Project Manager XWiki: http://www.xwiki.org skype: jeremi23 -- msn et gtalk : [email protected]
------------------------------------------------------------------------
-- You receive this message as a subscriber of the [email protected] mailing list. To unsubscribe: mailto:[email protected] For general help: mailto:[email protected]?subject=help ObjectWeb mailing lists service home page: http://www.objectweb.org/wws
-- Ludovic Dubost XPertNet: http://www.xpertnet.fr/ Blog: http://www.ludovic.org/blog/ XWiki: http://www.xwiki.com Skype: ldubost AIM: nvludo Yahoo: ludovic