search

JujaLabs / itevents

Resource to subscribe on it events
Apache License 2.0
7 stars 5 forks source link

#152 add global.properties #153

Closed vaa25 closed 8 years ago

vaa25 commented 8 years ago

connect to #152 add default.properties

witjem commented 8 years ago

Why do we use local.properties.TEMPLATE if we have default.properties ?

vaa25 commented 8 years ago

@roma-ilnitsky TEMPLATE is discribe your local.properties default.properties are common properties It's two different things

There you can replace any property you need from default.properties or add new secret property

I can't understand your question.

witjem commented 8 years ago

I think you have to remove from local.properties.TEMPLATE 

# AESCryptTokenService (template keys)
aes.init.vector.hex=000102030405060708090A0B0C0D0E0F
#The secret key must equal the size of the key.  For
#256-bit encryption, the binary secret key is 32 bytes.
#For 128-bit encryption, the binary secret key is 16 bytes.
aes.key.hex=000102030405060708090A0B0C0D0E0F
vaa25 commented 8 years ago

Overall this is a secret data and it must be in local.properties. But by default it can be in default.properties too.

witjem commented 8 years ago
alex-anakin commented 8 years ago

@vaa25, what is reason to save property for AESCryptTokenService in default.properties and in local.properties at the same time? About security. Our project is open-sourced. It stored in public repo. Anybody can read local.properties.TEMPLATE Using http.port=8080 in default.properties is not good practice. It is default port for many web applications. I understand that we can replace it value in local.properties, but...

I think doubling of properties will turn deploying of the project into a charade.

vaa25 commented 8 years ago

@alex-anakin @roma-ilnitsky what is reason to save property for AESCryptTokenService in default.properties and in local.properties at the same time? Really, why? If it is necessary for test, then it must be in test-local.properties. Nevertheless we can use that key to maintain our project until we have the real secret key, that we shall place into local.properties in future. Using http.port=8080 in default.properties is not good practice As you say many projects has that default property. So why our have to not have? If you don't like 8080, point me concrete number

alex-anakin commented 8 years ago

Now project hasn't values for aes.init.vector.hex and aes.key.hex neither in global.properties nor in local.properties.template. It would be problem for new team member (for example). I propose place the above-mentioned values in global.properties. When we will start production server then we can secure these values.

romach commented 8 years ago

@vaa25 what about

Now project hasn't values for aes.init.vector.hex and aes.key.hex neither in global.properties nor in local.properties.template. It would be problem for new team member (for example). I propose place the above-mentioned values in global.properties. When we will start production server then we can secure these values.

vaa25 commented 8 years ago

@romach what what about?

romach commented 8 years ago

@romach what what about?

@vaa25 do we nead aes.-properties in global.properties?

vaa25 commented 8 years ago

@romach we haven't aes in master yet

romach commented 8 years ago

@AndriyBaibak time spent: 30 minutes on code view

romach commented 8 years ago