Timestamp:
Apr 23, 2010, 11:02:31 AM (9 years ago)
Author:
duh
Message:
  • added crypto plugin
  • implemented blowfish encryption in Wizard Tag Library
  • implemented blowfish decryption in TemplateEditorController
  • added shared secret configuration to Config.groovy
File:
1 edited

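--- a/trunk/grails-app/taglib/dbnp/studycapturing/WizardTagLib.groovy
+++ b/trunk/grails-app/taglib/dbnp/studycapturing/WizardTagLib.groovy
@@ -4,4 +4,5 @@
 import dbnp.studycapturing.*
 import dbnp.data.*
+import cr.co.arquetipos.crypto.Blowfish
 
 /**
@@ -564,11 +565,17 @@
                 def entity = attrs.remove('entity')
 
-                // add the entity class name to the element as
-                // a base64 encoded string.
-                // TODO: encrypt this, instead of using base64!
-                //       As this class is instantiated elsewhere
-                //       this is a security hazard!
-                //               @see TemplateEditorController
-                attrs['entity'] = entity.toString().replaceAll(/^class /,'').bytes.encodeBase64()
+                // add the entity class name to the element
+                // do we have crypto information available?
+                if (grailsApplication.config.crypto) {
+                        // generate a Blowfish encrypted and Base64 encoded string.
+                        attrs['entity'] = Blowfish.encryptBase64(
+                                entity.toString().replaceAll(/^class /, ''),
+                                grailsApplication.config.crypto.shared.secret
+                        )
+                } else {
+                        // base64 only; this is INSECURE! As this class
+                        // is instantiated elsewehere. Possibly exploitable!
+                        attrs['entity'] = entity.toString().replaceAll(/^class /, '').bytes.encodeBase64()
+                }
 
                 // fetch templates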
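Review bot: The `else` branch at new lines 575-579 still emits the entity class name as plain Base64 whenever `grailsApplication.config.crypto` is unset, so a missing or misspelled config key silently restores the behaviour the removed TODO called a security hazard. Prefer failing closed there, e.g. `throw new IllegalStateException('crypto.shared.secret is not configured')`, and test the value actually passed as the key (`grailsApplication.config.crypto.shared.secret`) rather than the parent `crypto` node, which may be present while the secret itself is empty. Encryption also only hides the name; nothing visible in this hunk authenticates it, so the decoding side (TemplateEditorController, per the commit message) should still compare the decrypted name against a fixed list of permitted entity classes before instantiating anything. The enclosing tag definition starts and ends outside this hunk.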