From: David <ro...@us...> - 2009-01-26 22:39:09
|
<repost, originally sent directly to Mike> Hi Mike, to me your extension looks good and well done. Great stuff! We might attract quite a little following with S3 support. :-)) Some comments: (also see on your mail at the end) * Better not use Blowfish on CryptoStreams, the V3 format uses Twofish, which is one of the reasons why it was created (see PwsFileV3). I guess you just expected it to work like V1 / V2... * when I ran an ant build I got compile erros because of Base64: I suppose your import of a sun internal base64 class was accidental, I changed it to the s3 Version. By the way, running the ant build (all) for the lib project is also a good test case - try it ;-) * I also fixed a possible bug in FileConverter, just imagine a filename like /tmp/safefile.ps3 * Please replace the system out with log entries in the final code. * S3 Licence: where is the s3 jar from? Is its licence compatible with the artistic licence 2 of jpwsafe? Is it the JetS3t lib? * New sources: I'm note sure whether you know, but the copyright for all jpwsafe sources is held by the project lead (at the moment: me) in order to keep things simple. That's what the source code header states - I hope that's ok with you. Am Sonntag, den 25.01.2009, 10:20 -0500 schrieb Michael Tiller: > I've worked a fair amount on polishing the S3 stuff and it is in > pretty good shape now. I've written several tests (and re-orged them > as well). The S3 information is now stored directly in an encrypted > file (using the same passphrase as the data stored on S3). Using the same passphrase is sensible. > There is a one time only need to enter the access key and secret key > for S3 whenever creating a new S3 storage location. This can be done > two ways. First, it could be added to the SWT UI (it would have to > prompt the user for the access key, secret key and desired bucket name > whenever creating a new ".ps3" file). The alternative is to have a > separate UI just for generating the initial ".ps3" file (let me know > if you want a different extension). I certainly prefer to include it in the UI login screen. After merging, I suggest something like an "open other online safe" button on the login screen. Known online safes can simply be listed together with file based ones. Creating a new one can be part of the (future) password safe creation wizard. > Is it OK to go ahead and add ".ps3" (or whatever is agreed upon) as a > valid file extension in the UI? The .ps3 extension is reserved for postscript level 3 files. What about .psafes3 ? Or .pws3 ? > P.S. - I'm trying to apply for a group S3 account. The problem is > that it requires a credit card. I'm in the process of getting a > prepaid $20 gift card generated and I'll use that to start the S3 > account. $20 should be more than enough to support the tiny amount of > storage and bandwidth that testing would require. Needless to say, > don't store too much data in there or run the tests unnecessarily. If > the charges after the first month are too high, we'll look at how to > reduce it but I'm not worried. Great! I'm really looking forward to try it out. Tell if you're done with the lib changes, then I can merge the branch into trunk. We shouldn't wait too long. Next thing I want to do is to externalise strings, I would prefer to start that after the merge. Future Direction: I think it should be just as easy to add a webdav based online safe, as it's basically another https transport? Maybe I found a hint for the classnotfound exception on startup - it happened to me too on the S3 branch. Adding xercesimpl to the build path fixed it. But I can't reploduce it... Now nobody will stop us from world domination >:-> Cheers, David |