|
From: SourceForge.net <no...@so...> - 2011-06-15 01:01:18
|
Bugs item #2819415, was opened at 2009-07-10 16:35 Message generated for change (Comment added) made by p_ansell You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=814189&aid=2819415&group_id=142631 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Configuration files Group: v0.9.0 >Status: Closed >Resolution: Wont Fix >Priority: 4 Private: Yes Submitted By: Peter Ansell (p_ansell) Assigned to: Peter Ansell (p_ansell) Summary: Simple method of authenticating configuration Initial Comment: Need a simple method of authenticating configurations in order to prevent hacking attempts. Need a method of normalising the configuration for a particular item before signing it and hashing it to double check maybe... Should be able to generate a NTriples string based on the configuration and then sort the lines (subject first, then predicate, then object) before making up a normalised representation and signing it. Any issues with sorting that come from the oddities of typed RDF literals should be fixed by a method which standardises the literals for a particular predicate to be all the same, so a single typed literal sorting algorithm will apply to all objects for a particular predicate. Use the import process as a filter to ensure that the final representation is validated using the Java Integer.parseInt etc., methods and apply the signature to whatever object is created by the import process. ---------------------------------------------------------------------- >Comment By: Peter Ansell (p_ansell) Date: 2011-06-15 11:01 Message: configuration files can be published using HTTPS from secure locations if necessary. ---------------------------------------------------------------------- Comment By: Peter Ansell (p_ansell) Date: 2010-05-25 14:14 Message: Useful code for this bug: http://java.sun.com/docs/books/tutorial/security/apisign/index.html ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=814189&aid=2819415&group_id=142631 |
