Ignore:
Timestamp:
Apr 23, 2010, 11:02:31 AM (8 years ago)
Author:
duh
Message:
  • added crypto plugin
  • implemented blowfish encryption in Wizard Tag Library
  • implemented blowfish descryption in TemplateEditorController?
  • added shared secret configuration to Config.groovy
File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/grails-app/controllers/dbnp/studycapturing/TemplateEditorController.groovy

    r373 r374  
    1616import dbnp.data.*
    1717import dbnp.studycapturing.*
     18import cr.co.arquetipos.crypto.Blowfish
    1819
    1920class TemplateEditorController {
     
    2627                if (params.entity) {
    2728                        // decode entity get parameter
    28                         entity = new String(params.entity.toString().decodeBase64())
     29                        if (grailsApplication.config.crypto) {
     30                                // generate a Blowfish encrypted and Base64 encoded string.
     31                                entity = Blowfish.decryptBase64(
     32                                        params.entity,
     33                                        grailsApplication.config.crypto.shared.secret
     34                                )
     35                        } else {
     36                                // base64 only; this is INSECURE! Even though it is not
     37                                // very likely, it is possible to exploit this and have
     38                                // Grails dynamically instantiate whatever class you like.
     39                                // If that constructor does something harmfull this could
     40                                // be dangerous. Hence, use encryption (above) instead...
     41                                entity = new String(params.entity.toString().decodeBase64())
     42                        }
    2943                }
    3044
Note: See TracChangeset for help on using the changeset viewer.