Difference between revisions of "JGridstart/Notes"

From PDP/Grid Wiki
(add HIGs)
(add template)
 
(25 intermediate revisions by the same user not shown)
Line 1: Line 1:
− some notes on [[User:Wvengen@nikhef.nl/JGridStart]]
+ {{JGridstart}}some notes on [[JGridstart]]
  
− * Private key
+ * Private key (&passphrase)
  ** keep in memory with timeout when appropriate
− ** make sure it doesn't hit swap, if possible
+ ** make sure it doesn't hit swap, if possible -- [https://www.securecoding.cert.org/confluence/display/seccode/MEM06-C.+Ensure+that+sensitive+data+is+not+written+out+to+disk MEM06-C]
+ ** [https://www.securecoding.cert.org/confluence/display/java/MSC31-J.+Never+hardcode+sensitive+information?rootCommentId=26345518 MSC31-J] never hardcode sensitive information
+ ** make sure it's not serializable
+ ** Securing Java, part [http://softwaredev.earthweb.com/java/article/0,,12082_741921,00.html 1], [http://softwaredev.earthweb.com/java/article/0,,12082_756601,00.html 2] and [http://www.developer.com/java/article.php/767971 3].
  * Human Interface Guidelines
  ** [http://library.gnome.org/devel/hig-book/stable/ Gnome HIG]
  ** [http://developer.apple.com/documentation/userexperience/Conceptual/AppleHIGuidelines/ Apple HIG]
+ 
+ ==TODO==
+ * passwords
+ ** try again when password fails, stop after a couple of times
+ ** show how many passwords remembered and add action to forget
+ ** separate ui from passwordcache, implement cli
+ ** warn properly when unsupported password on single PKCS#12 entries are found
+ ** [Mac] make sure password dialog is placed on top of the relevant window, not somewhere else
+ * html viewer
+ ** on enter, go to next form element, or submit if at the end (like JEditorpane) -- upstream
+ ** make printing margins work, document on wiki, notify mailing list
+ ** [bug] [Win] html form cannot receive input unless the focus is removed from a form element and given back
+ ** [bug] [Mac] explicitly set base url in jar or stylesheet cannot be found
+ * gui
+ ** Make default certificate bold and place on top of list
+ ** Import: if base64 encoding of cert/CSR is equal to another one ask whether to overwrite or ignore.
+ ** concurrency !!
+ ** [bug] selecting certificate in menu doesn't update certificatelist when an invalid certificate is present but it is not the last certificate
+ ** [bug] certificate list becomes empty after refresh when a certificate is removed from disk
+ * Naming of certificate directories should be related to certificate date, not import date
+ * give the possibility to re-upload a CSR (when no certificate present)
+ * for email links to RA/CA, add DN and modulus.first20 in body
+ 
+ ==Future ideas==
+ * Make estimated guess for some request form fields
+ ** Organisation: ip-address, email address (specify in organisations.conf); currently specified in jnlp/default properties
+ ** Name: from system user
+ ** Certification level: detect demo/tutorial from hostname/ip-range/systemname/...
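The private-key and password notes above (timeout, wipe on expiry or forget, no Serializable, bounded retries, a "how many remembered" count) as one added Java sketch. This is not JGridstart's own code; the certId key, the 3-attempt limit and the single-threaded use are assumptions.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

// Added example, not JGridstart code: a passphrase cache following the notes above.
// Assumptions: single-threaded use; certId is a hypothetical key. Java cannot pin pages
// (no mlock), so wiping the char[] only shortens the window in which it could hit swap.
public final class PassphraseCache {          // deliberately NOT Serializable
    private static final int MAX_ATTEMPTS = 3; // "stop after a couple of times"
    private final long ttlMillis;
    private final Map<String, char[]> secrets = new HashMap<>();  // certId -> passphrase
    private final Map<String, Long> expiry = new HashMap<>();     // certId -> deadline (ms)
    private final Map<String, Integer> failures = new HashMap<>();
    public PassphraseCache(long ttlMillis) { this.ttlMillis = ttlMillis; }

    /** Cache a passphrase with a timeout; the caller's array is copied, then wiped. */
    public void remember(String certId, char[] pw) {
        forget(certId);
        secrets.put(certId, pw.clone());
        Arrays.fill(pw, '\0');
        expiry.put(certId, System.currentTimeMillis() + ttlMillis);
        failures.remove(certId);
    }

    /** Copy of the cached passphrase (caller must wipe it), or null when expired/unknown. */
    public char[] get(String certId) {
        evictExpired();
        char[] pw = secrets.get(certId);
        return pw == null ? null : pw.clone();
    }

    /** After a failed unlock: drop the wrong entry; true means the user may try again. */
    public boolean failedAttempt(String certId) {
        forget(certId);
        return failures.merge(certId, 1, Integer::sum) < MAX_ATTEMPTS;
    }

    /** Explicit "forget" action: zero the buffer before dropping the reference. */
    public void forget(String certId) {
        char[] pw = secrets.remove(certId);
        if (pw != null) Arrays.fill(pw, '\0');
        expiry.remove(certId);
    }

    /** For the UI: how many passphrases are currently remembered. */
    public int remembered() { evictExpired(); return secrets.size(); }

    private void evictExpired() {
        long now = System.currentTimeMillis();
        for (String id : new ArrayList<>(expiry.keySet()))
            if (now >= expiry.get(id)) forget(id);
    }
}
```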

Latest revision as of 12:39, 29 March 2012
