It’s a very impressive GITEA and I’m impressed.
However, there is one thing that is regrettable about security.
The database password of the app.ini file is exposed as it is.
I wish there was a way to encrypt the database password.
I wonder if you have any good ideas.
You can’t. If you did, a decryption key would be needed for the software to start up, and unless you wanted to input that by hand every time you started Gitea, you’d have to store it in a file… and then you’re back in the same situation.
Who is going to see the contents of your app.ini file?
You’re right.
Encrypting passwords cannot be complete security.
We are based on Spring framework for most application development.
Encrypt/decrypt files using Jasypt.
ex)
```yaml
spring:
  datasource:
    sql-script-encoding: UTF-8
    driver-class-name: org.mariadb.jdbc.Driver
    url: ENC(fAcHYhDi1oSaAF8FcAEDQ==)
    username: ENC(fncHYmDe8oSFAFV8FcAEDQ==)
    password: ENC(Aqh1BctIkm9uBNolQ5xlSg==)
```
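```java
import org.jasypt.encryption.StringEncryptor;
import org.jasypt.encryption.pbe.PooledPBEStringEncryptor;
import org.jasypt.encryption.pbe.config.SimpleStringPBEConfig;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class JasyptConfig {
    // Encryptor that decrypts the ENC(...) values at startup;
    // "jasyptStringEncryptor" is the bean name jasypt-spring-boot looks up by default.
    @Bean("jasyptStringEncryptor")
    public StringEncryptor stringEncryptor() {
        PooledPBEStringEncryptor encryptor = new PooledPBEStringEncryptor();
        SimpleStringPBEConfig config = new SimpleStringPBEConfig();
        config.setPassword("test"); // password the ENC(...) values are decrypted with
        config.setAlgorithm("PBEWithMD5AndDES");
        config.setKeyObtentionIterations("1000");
        config.setPoolSize("1");
        config.setProviderName("SunJCE");
        config.setSaltGeneratorClassName("org.jasypt.salt.RandomSaltGenerator");
        config.setStringOutputType("base64");
        encryptor.setConfig(config);
        return encryptor;
    }
}
```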
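The question raised in the reply, who can read app.ini, can be checked directly. The following is an added example, not code from the thread or from the Gitea project: a Python check that flags an app.ini whose file mode grants access beyond the owner and lists the plaintext secrets stored in it. The function names, the list of secret-bearing keys and the sample file are assumptions constructed for illustration.

```python
import configparser
import os
import stat
import tempfile

# Secret-bearing keys in Gitea's app.ini (list assumed for this example).
SECRET_KEYS = {"PASSWD", "SECRET_KEY", "INTERNAL_TOKEN", "JWT_SECRET"}

# Constructed sample, not a real configuration.
SAMPLE = """\
APP_NAME = Gitea
RUN_USER = git

[database]
PASSWD = constructed-%pw

[security]
INTERNAL_TOKEN = constructed-token
"""

def audit_app_ini(path):
    """Report a lax file mode and the plaintext secrets the file holds."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    lax = mode & (stat.S_IRWXG | stat.S_IRWXO)
    if lax:
        findings.append(f"mode {mode:04o}: accessible beyond the owner")
    # app.ini begins with keys outside any section, so prepend a dummy header;
    # interpolation is off because passwords may contain '%'.
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # keep key case as written
    with open(path, encoding="utf-8") as fh:
        parser.read_string("[__top__]\n" + fh.read())
    for section in parser.sections():
        for key, value in parser.items(section):
            if key.upper() in SECRET_KEYS and value.strip():
                scope = "not owner-only" if lax else "owner-only"
                findings.append(f"[{section}] {key}: plaintext, {scope}")
    return findings

def demo(mode):
    """Write the constructed sample with the given mode and audit it."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "app.ini")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(SAMPLE)
        os.chmod(path, mode)
        return audit_app_ini(path)
```

Calling `demo(0o644)` reports the lax mode plus both secrets, while `demo(0o600)` reports only that the secrets are present and owner-only.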