Open andreabalducci opened 10 years ago
The proposal is
The server can handle clear text configuration if you do not care security. The server should give a web editor that permits editing the json config and using a password to encrypt the content.
Only people with the password will be able to edit and modify again the configuration.
Client will ask for encrypted configuration giving the password to the server.
Encripted config should contains an HMAC to verify the identity of the server, and verifying that the configuration is not altered.
What to include
Add a security layer for configuration dispatching.