The apache repo allows to use passwords when enforcing readonly access.
The current implementation is securitywise weak as anyone can remove te restrictions.
public void enforceReadonlyProtection(java.lang.String password,
HashAlgorithm hashAlgo)
Enforces the readOnly protection with a password.
sample snippet from settings.xml
<w:documentProtection w:edit="readOnly" w:enforcement="1"
w:cryptProviderType="rsaAES" w:cryptAlgorithmClass="hash"
w:cryptAlgorithmType="typeAny" w:cryptAlgorithmSid="14"
w:cryptSpinCount="100000" w:hash="..." w:salt="...."
/>
Parameters:
password - the plaintext password, if null no password will be applied
hashAlgo - the hash algorithm - only md2, m5, sha1, sha256, sha384 and sha512 are supported. if null, it will default default to sha1
The apache repo allows to use passwords when enforcing readonly access. The current implementation is securitywise weak as anyone can remove te restrictions.
See the official apache docs