TidBits: FAQ

Here is a collection of frequently asked questions about TidBits:

Does TidBits encrypt the data in the database?
No. TidBits does not provide any encryption capabilities for storing the data. Instead, it relies on the security of the database you deploy TidBits into. Some database systems support encryption, however. For example, Apache Derby can easily be configured to encrypt the entire TidBits database. PostgreSQL can encrypt table columns. Oracle provides many ways to encrypt the database, too. Some operating systems can make use of encrypted disk partitions. There are many ways to encrypt the data stored in the TidBits database, but all of those are outside the scope of what TidBits itself does.
Does TidBits encrypt the data while communicating with the database?
No. However, TidBits uses JDBC to communicate with the database, and many database systems support SSL-encrypted JDBC connections. Consult the documentation for the JDBC driver of your database if you want to encrypt the JDBC communication.
Does TidBits encrypt the data while communicating with your web browser?
No. If you want to make your TidBits application publicly accessible, then you should only allow SSL-encrypted (HTTPS) connections to your TidBits deployment. This can be accomplished by either running TidBits behind a web server that is configured with SSL support or by configuring the servlet container (Tomcat, JBoss, etc.) to listen for SSL connections.
Does TidBits encrypt the data stored in the search index?
No. You must ensure you set the appropriate directory permissions for the directory you configure TidBits to use for its search index. You could store the index on an encrypted file system if you want the index data encrypted.
How do I configure user login accounts?

TidBits itself does not manage your users for you, but relies on the Acegi Security System to handle authentication and authorization. This means you have the full power and flexibility of Acegi available for configuring user access to your TidBits deployment. By default, TidBits comes configured to use an in-memory, hard-coded list of users and passwords. These are stored in the WEB-INF/classes/securityContext.xml configuration file, which contains the complete Acegi configuration for the TidBits application. To add or modify users in this list, modify the userMap property of the inMemoryDaoImpl bean, with one user per line. For example, to add a new user user2 with a password of password, the configuration would look like this:

<bean id="inMemoryDaoImpl" class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
  <property name="userMap">
    <value>
      test=test,ROLE_USER
      user2=password,ROLE_USER
    </value>
  </property>
</bean>

Can I encrypt the passwords in the securityContext.xml file?

Yes. Simply uncomment two lines in the default securityContext.xml file to enable MD5-hashed passwords. Look for the phrase passwordEncoder in the securityContext.xml file, and make sure those lines are not commented out. Then replace the passwords used by the inMemoryDaoImpl bean with their MD5 hashes. The whole configuration would look like this:

<bean id="testDaoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
  <property name="userDetailsService" ref="inMemoryDaoImpl"/>
  <property name="userCache" ref="userCache"/>
  <property name="passwordEncoder" ref="passwordEncoder"/>
</bean>

<bean id="passwordEncoder" class="org.acegisecurity.providers.encoding.Md5PasswordEncoder"/>

<bean id="inMemoryDaoImpl" class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
  <property name="userMap">
    <value>
      test=098f6bcd4621d373cade4e832627b4f6,ROLE_USER
    </value>
  </property>
</bean>

Most operating systems come with an MD5 utility that you can use to generate the MD5 hash values. For example, on OS X you can execute the md5 utility like this:

$ md5 -s test
MD5 ("test") = 098f6bcd4621d373cade4e832627b4f6
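
Added example (not from the TidBits documentation): a shell helper that builds userMap lines in the login=hash,ROLE format shown above, reading the password from standard input so that it stays out of the process list and shell history. The function names and the character sets accepted for logins and roles are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of TidBits. Builds userMap lines for
# securityContext.xml in the page's format: login=<md5 hex>,ROLE

# Print the lowercase hex MD5 of exactly the bytes in $1. printf '%s' adds no
# trailing newline; "echo test | md5sum" hashes "test\n" and yields a value
# that will not match the password "test" at login.
md5_hex() {
    if command -v md5sum >/dev/null 2>&1; then
        printf '%s' "$1" | md5sum | cut -d' ' -f1
    elif command -v md5 >/dev/null 2>&1; then
        printf '%s' "$1" | md5 -q
    else
        printf '%s' "$1" | openssl md5 | sed 's/^.*= *//'
    fi
}

# usermap_entry LOGIN ROLES
# Reads one line (the password) from stdin and prints one userMap line.
# The character sets accepted below are this example's own conservative
# assumption; they keep '=', ',' and whitespace out of the login.
usermap_entry() {
    login=$1
    roles=$2
    case $login in
        ''|*[!A-Za-z0-9._-]*) echo "invalid login: $login" >&2; return 1 ;;
    esac
    case $roles in
        ''|*[!A-Z0-9_,]*) echo "invalid roles: $roles" >&2; return 1 ;;
    esac
    if [ -t 0 ]; then
        # Interactive use: prompt on stderr and switch terminal echo off.
        printf 'Password for %s: ' "$login" >&2
        stty -echo
        IFS= read -r pw || :
        stty echo
        echo >&2
    else
        IFS= read -r pw || :
    fi
    [ -n "$pw" ] || { echo "empty password" >&2; return 1; }
    printf '%s=%s,%s\n' "$login" "$(md5_hex "$pw")" "$roles"
    unset pw
}
```

Running `usermap_entry user2 ROLE_USER` prompts for the password and prints the line to paste into the userMap value. The Md5PasswordEncoder configuration above uses no salt, so the hashes only keep passwords from being read at a glance and are cheap to guess offline; securityContext.xml still needs restrictive file permissions.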

Can I use LDAP for authentication?

Yes. Consult the Acegi documentation for detailed information on how to configure an LDAP provider. Note that TidBits uses the 1.0.1 release of Acegi; some LDAP-related configurations changed between the 1.0RC releases and the final 1.0 release. Here is an example of an LDAP configuration that uses the businessCategory attribute of the groupOfUniqueNames object class to store the user roles, and the uid attribute of the inetOrgPerson class to store the user logins:

<bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
  <property name="providers">
    <list>
      <ref local="ldapAuthProvider"/>
      <ref local="testDaoAuthenticationProvider"/>
      <ref local="anonymousAuthenticationProvider"/>
    </list>
  </property>
</bean>

<bean id="ldapUserSearch" class="org.acegisecurity.ldap.search.FilterBasedLdapUserSearch">
  <constructor-arg index="0" value="ou=People"/>
  <constructor-arg index="1" value="(uid={0})"/>
  <constructor-arg index="2" ref="ldapInitialDirContextFactory" />
  <property name="searchSubtree" value="false"/>
</bean>

<bean id="ldapAuthProvider" class="org.acegisecurity.providers.ldap.LdapAuthenticationProvider">
  <constructor-arg>
    <bean class="org.acegisecurity.providers.ldap.authenticator.BindAuthenticator">
      <constructor-arg ref="ldapInitialDirContextFactory"/>
      <property name="userSearch" ref="ldapUserSearch"/>
    </bean>
  </constructor-arg>
  <constructor-arg>
    <bean class="org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator">
      <constructor-arg ref="ldapInitialDirContextFactory"/>
      <constructor-arg value="ou=Groups"/>
      <property name="groupSearchFilter" value="(uniqueMember={0})"/>
      <property name="groupRoleAttribute" value="businessCategory"/>
      <property name="defaultRole" value="ROLE_USER"/>
    </bean>
  </constructor-arg>
</bean>

<bean id="ldapInitialDirContextFactory" class="org.acegisecurity.ldap.DefaultInitialDirContextFactory">
  <constructor-arg value="ldap://ldap.server:389/dc=mydomain,dc=com"/>
  <property name="managerDn" value="cn=manager,dc=mydomain,dc=com"/>
  <property name="managerPassword" value="manager.password.here"/>
</bean>

After I perform a search, how do I view all tidbits again?
When you perform a search, the search is "remembered" for the course of your TidBits session. To return to the full view of all your tidbits, either click on the TidBits logo in the top navigation or submit an empty search.