Try to simplify sensitive config value for user
We now always put the "pl:" prefix for plain text to make it obvious
in the Dashboard that we actually did something. The explanation text
has also been improved.
diff --git a/resources/com/google/enterprise/adaptor/resources/index.html b/resources/com/google/enterprise/adaptor/resources/index.html
index 0a6af83..70306ae 100755
--- a/resources/com/google/enterprise/adaptor/resources/index.html
+++ b/resources/com/google/enterprise/adaptor/resources/index.html
@@ -88,18 +88,18 @@
<h2>Adaptor Configuration</h2>
<table id="gaf-config-table"></table>
- <h2>Sensitive Value Encoding</h2>
- <p>Passwords and other security-sensitive configuration values are not saved
- as simple plain-text in the configuration. Instead, they are encoded using
- one of three methods.
- <li><strong>Plain text</strong> allows the password or other information to
- be read by anybody who can read the configuration.
- <li><strong> Obfuscated</strong> encodes the information in a highly
- unreadable format, but it is possible for anyone to retrieve the original
- text.
- <li><strong>Encrypted</strong> uses your HTTPS encryption key to encrypt the
- value. An encrypted value is tied to the encryption key, so it cannot be
- copied between Adaptors.</p>
+ <h2>Storing Sensitive Values</h2>
+ <p>Passwords and other security-sensitive configuration values can be
+ specified in configuration as <code>prefix:data</code>, where the prefix
+ specifies how the value is stored. The value can be stored as:
+ <li><strong>Plain text</strong> allowing the password or other information
+ to be read by anybody who can read the configuration. Denoted by "pl"
+ prefix.
+ <li><strong>Obfuscated</strong> where the information in a highly unreadable
+ format, but it is possible for anyone to retrieve the original text.
+ Denoted by "obf" prefix.
+ <li><strong>Encrypted</strong> which uses your HTTPS encryption key to
+ encrypt the value. Denoted by "pkc" prefix.</p>
<p><form id="gaf-sec-form">
Sensitive Value: <input type="password" name="secvalue" id="#gaf-sec-value">
<br>
diff --git a/src/com/google/enterprise/adaptor/SensitiveValueCodec.java b/src/com/google/enterprise/adaptor/SensitiveValueCodec.java
index 99d8440..a228eb0 100644
--- a/src/com/google/enterprise/adaptor/SensitiveValueCodec.java
+++ b/src/com/google/enterprise/adaptor/SensitiveValueCodec.java
@@ -84,14 +84,11 @@
String encoded;
switch (security) {
case PLAIN_TEXT:
+ // We always apply the prefix, even if it isn't strictly necessary. This
+ // is to make it obvious that the process actually did something to the
+ // user and makes them more aware of the pl: prefix if they need to use
+ // it.
encoded = readable;
- if (!encoded.contains(":")) {
- // If the string contains something that may be a prefix, then we want
- // to go through the normal process of adding a the prefix. Otherwise,
- // there should be little chance it will be mis-interpreted and the
- // user gets to use a simplier format.
- return encoded;
- }
break;
case OBFUSCATED:
diff --git a/test/com/google/enterprise/adaptor/SensitiveValueCodecTest.java b/test/com/google/enterprise/adaptor/SensitiveValueCodecTest.java
index 0e63015..c57d36f 100644
--- a/test/com/google/enterprise/adaptor/SensitiveValueCodecTest.java
+++ b/test/com/google/enterprise/adaptor/SensitiveValueCodecTest.java
@@ -74,11 +74,7 @@
final String golden = "";
for (SecurityLevel security : SecurityLevel.values()) {
String encoded = codec.encodeValue(golden, security);
- if (security == SecurityLevel.PLAIN_TEXT) {
- assertEquals(golden, encoded);
- } else {
- assertFalse(golden.equals(encoded));
- }
+ assertFalse(golden.equals(encoded));
assertEquals(golden, codec.decodeValue(encoded));
}
}
