| Extend RCP to restrict third party plugins [message #436654] |
Wed, 14 September 2005 06:01  |
Eclipse User |
|
|
|
Hi,
I'm developing an application using the RCP framework. I've got a core RCP application which accepts plug-ins just like Eclipse does. If I want to add a feature I just create a plug-in and provide it on the update site. Great.
The problem I have is that anyone can add any plug-ins to my application. All they need to do is paste the plug-ins into the plugins folder and/or edit the config.ini file to automatically discover plug-ins.
I was thinking about extending the AbstractUIPlugin class to include plug-in validation and extended that class for all my plug-ins. I'd still have the same problem though.
There must be a good way to validate plug-ins before they are loaded. Could I implement my own PluginRegistry that would only accept plug-ins of a certain type?
Any ideas? Thanks!
|
|
|
|
|
|
|
|
|
| Re: Extend RCP to restrict third party plugins [message #436684 is a reply to message #436675] |
Wed, 14 September 2005 18:16  |
| Eclipse User |
|
|
|
If you're really serious about wanting to restrict items, what about using plain old file permissions? Just have the plugins/ folder writable only by an administrator group, but readable to the rest of the world. That way, no-one can add other items into it, which looks like what you want to do.
Of course, if you just want to use some of Eclipse's functionality (like SWT or JFace) then you could just bundle those Jars and leave out the plugin frameworks.
If you really want to add boot-time checking to a system, then you could always modify Startup.jar. An easier, but potentially less secure, workaround would be to modify your initial plugins to do a search of the IExtensionRegistry to find all known plugins, and then abort if the plugins aren't found.
But frankly, I think you're going to get a lot more calls like 'Eclipse won't start up because it's complaining about an unknown plugin' rather than 'The plugin made it crash' :-) Don't forget that Eclipse has multiple configurations, even with Update Manager, and you can get them to roll back to a last-known-good configuration in a matter of minutes.
|
|
|
| Re: Extend RCP to restrict third party plugins [message #436690 is a reply to message #436684] |
Wed, 14 September 2005 23:35 |
| Eclipse User |
|
|
|
The usecase of locking down an Eclipse configuration is real. We get asked
about it from several different communities. So, what can you do about it?
1) If your app is small (i.e., few plugins) and you don't want update
technology, simply don't include org.eclipse.update.configurator in your
distribution. This is the guy who helpfully discovers and installs the
random plugins you mention.
2) If your app is bigger but you still don't want to use update, you can
write your own configurator. The code is pretty easy (see EclipseStarter
where is handles the osgi.bundles list for an example of installing bundles
in code). Here you can literally do anything you want. Fetch plugins from
a server, install, uninstall, ...
3) if you want to use update technology but don't want the auto discovery
right now the only way to do that is to mark the <site> with the
MANAGED-ONLY policy in the platform.xml. Normally apps do not ship with a
platform.xml as the configurator will automatically discover
plugins/features and create the file for you. In this case you simply ship
your app with a preconfigured file in confgiruation/org.eclipse.update.
There is some interesting reference doc in the help (search for
"platform.xml")
There may be some more but that covers the main ones.
Going forward we are pressing on several fronts. As pointed out, the
Equinox project is looking at various security issues. We hope to have some
login based provision technology in 3.2.
As always, your thoughts and contributions are more than welcomed.
Especially in the area of security.
Jeff
"Alex Blewitt" <alex_blewitt@yahoo.com> wrote in message
news:3336516.1126736218234.JavaMail.root@cp1.javalobby.org...
> If you're really serious about wanting to restrict items, what about using
plain old file permissions? Just have the plugins/ folder writable only by
an administrator group, but readable to the rest of the world. That way,
no-one can add other items into it, which looks like what you want to do.
>
> Of course, if you just want to use some of Eclipse's functionality (like
SWT or JFace) then you could just bundle those Jars and leave out the plugin
frameworks.
>
> If you really want to add boot-time checking to a system, then you could
always modify Startup.jar. An easier, but potentially less secure,
workaround would be to modify your initial plugins to do a search of the
IExtensionRegistry to find all known plugins, and then abort if the plugins
aren't found.
>
> But frankly, I think you're going to get a lot more calls like 'Eclipse
won't start up because it's complaining about an unknown plugin' rather than
'The plugin made it crash' :-) Don't forget that Eclipse has multiple
configurations, even with Update Manager, and you can get them to roll back
to a last-known-good configuration in a matter of minutes.
|
|
|
|
|
|
| Re: Extend RCP to restrict third party plugins [message #436767 is a reply to message #436735] |
Sat, 17 September 2005 19:23 |
| Eclipse User |
|
|
|
> Not really, that just protects your IP, there's still
> nothing stopping anyone from plugging in unauthorized
> plugins into your application.
>
> In fact obfuscation is another problem area in RCP.
> It's very difficult to obfuscate because there are so
> many references to classes from the plugin manifest.
> An Eclipse plug-in to handle obfuscation in RCP
> applications would be sweet.
I have found it very time consuming to get a stable, increnmentally obfuscated set of plugins
|
|
|
Powered by
FUDForum. Page generated in 0.06027 seconds
Home