[dokuwiki] Re: Crypto plugin
- From: "Bob McConnell" <rvm@xxxxxxxxx>
- To: <dokuwiki@xxxxxxxxxxxxx>
- Date: Wed, 16 Aug 2006 08:28:40 -0400
> -----Original Message-----
> From: dokuwiki-bounce@xxxxxxxxxxxxx
> [mailto:dokuwiki-bounce@xxxxxxxxxxxxx] On Behalf Of Samuel Degrande
> Sent: Wednesday, August 16, 2006 5:37 AM
> To: dokuwiki@xxxxxxxxxxxxx
> Subject: [dokuwiki] Crypto plugin
>
> Hi.
>
> I'm writing my first plugin for Dokuwiki, and I have some
> 'philosophical' questions about
> some "non-standard requirements" of that plugin.
>
> My goal is to create a page containing a list of passwords.
> For obvious
> security
> reasons, those passwords are stored encrypted in the wiki-page.
>
> The purpose of my plugin is to insert some Javascript code inside the
> generated
> HTML page and an input form to let the user enter a passphrase. The
> passphrase
> is then used by the Javascript code to decrypt the passwords
> and replace
> them
> with the plaintext passwords.
>
> Two specific 'tags' are used :
> - <crypto>aaaaaa</crypto> defines a ciphertext. <crypto> is
> just replaced
> by <span class="ciphertext">, in order to let the code
> finds what it
> has to
> decrypt.
> - {{keyform>params}} is replaced by the input form
>
>
> Now my questions (I'm using dokuwiki-2006-03-09) :
>
> 1) The Javascript code used by the plugin could be defined in
> script.js.
> However, the cryptographic algorithms to use are defined by the
> {{keyform}}
> params, and I don't want to include all possible
> algorithms in all
> wiki-pages
> (just because it's too heavy).
> Currently, the rendering of {{keyform}} includes some <script
> src="....">
> directly inside the HTML body, but that doesn't follow
> the rules of
> http://wiki.splitbrain.org/wiki:devel:javascript ('inline
> scripts'
> are not
> really recommended, as far as I understand)
> So, how could I conditionally include a javascript ?
>
> 2) To generate the encrypted passwords, I want to add a
> 'cryptographic
> calculator' to
> the Dokuwiki editor. Then, the user just writes the plaintext
> inside the editor, selects
> it, and clicks on the crypto-calc icon. A new window is
> then opened
> where the user
> can input the passphrase. The ciphertext is then computed (by a
> javascript code),
> and the plaintext is automatically replaced inside the editor.
> To do that, I had to 'hack' inc/toolbar.php in order to add a
> button to the editor toolbar.
> That button is defined as a 'mediapopup' and calls a php script
> when clicked, because I did
> not find an other solution to associate a callback to a button.
> So, is there a better solution ?
> I think that if would be very useful if a doku plugin could add
> it's own buttons to the editor.
>
> Thanks, and excuse me for my bad 'frenglish' (french-english)
>
> --
> Samuel Degrande LIFL - UMR8022 CNRS - INRIA Futurs - Bat M3
> Phone: (33)3.28.77.85.30 USTL - Universite de Lille 1
> Fax: (33)3.28.77.85.37 59655 VILLENEUVE D'ASCQ CEDEX - FRANCE
> [CA certs: http://igc.services.cnrs.fr/CNRS-Standard/recherche.html ]
>
Samuel,
Your English is a lot better than my French, or even my wife's, who
majored in it 35 years ago.
I can't comment on the structure of the code since I don't know PHP yet,
but I can make a couple of suggestions on what to implement. There is no
need to include a wide range of ciphers. In addition, once a user has
selected one and saved the passwords, she has to open the page and enter
the passphrase to decrypt the entries before changing that selection.
Either select just one of the more secure ciphers, or create a short
radio button list so the user can choose from those you have
implemented. Save that choice as part of the stored page.
Would an AJAX style update function allow you to retrieve the encryption
code separately? The decrypt code would only have to be read when
reopening the saved page.
Bob McConnell
--
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist
Other related posts:
