Subject Re: Encryption for embedded server
Author Roman Rokytskyy

> Why do you want to relate user authentication issues with file
> encryption? They seem to be "apples and oranges".
> Or are you using "security plugin" as a term under which you are
> grouping families of functions/hooks which can be handed off to
> external functions?

One of the possible solutions I described in my post about JAAS
authentication in Java. Note, not every time you want the client to
know the encryption key. In my example the key is assigned by the
security plugin after the successful authentication. It is still a
security plugin.

> Why require a plug-in for the default functionality which should be
> defined in the engine?

Because one might want simple XORing as a relatively secure and
performant solution, some other would require symmentric encryption,
and others would only by PKI encryption.

> Shouldn't the plug-ins only register for functions/hooks which they
> want to 'intercept'? Much like a callback can be registered and
> then called/invoked as required but if none are define nothing is
> called.

Right, some kind of callback. Or even replace a layer (for example the
network protocol). That's the question of available extension points.