Skip to main content


Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Eclipse Projects » Rich Client Platform (RCP) » Extend RCP to restrict third party plugins
Extend RCP to restrict third party plugins [message #436654] Wed, 14 September 2005 10:01 Go to next message
Peter Bracken is currently offline Peter BrackenFriend
Messages: 12
Registered: July 2009
Junior Member
Hi,

I'm developing an application using the RCP framework. I've got a core RCP application which accepts plug-ins just like Eclipse does. If I want to add a feature I just create a plug-in and provide it on the update site. Great.

The problem I have is that anyone can add any plug-ins to my application. All they need to do is paste the plug-ins into the plugins folder and/or edit the config.ini file to automatically discover plug-ins.

I was thinking about extending the AbstractUIPlugin class to include plug-in validation and extended that class for all my plug-ins. I'd still have the same problem though.

There must be a good way to validate plug-ins before they are loaded. Could I implement my own PluginRegistry that would only accept plug-ins of a certain type?

Any ideas? Thanks!
Re: Extend RCP to restrict third party plugins [message #436664 is a reply to message #436654] Wed, 14 September 2005 12:58 Go to previous messageGo to next message
Alex Blewitt is currently offline Alex BlewittFriend
Messages: 946
Registered: July 2009
Senior Member
One of the main benefits of RCP is that it's designed to be extended by plugins. Indeed, that's one of the main reasons to use it; you can provide an application, but if a user wants to create a shortcut to some particular functionality, they can do so.

Why would you want to be able to do this?

If you really want to achieve this, why not write some changes in the startup.jar that launches Eclipse, and then delete anything that isn't in one of your 'prescribed' plugins?
Re: Extend RCP to restrict third party plugins [message #436666 is a reply to message #436664] Wed, 14 September 2005 13:32 Go to previous messageGo to next message
Peter Bracken is currently offline Peter BrackenFriend
Messages: 12
Registered: July 2009
Junior Member
There are lots of reasons to want to restrict your application so that it only loads plugins written/approved by you.

Say for example I develop an XML editor and sell it as an extension to my application. What if someone decides to use another XML Editor plug-in that's available somewhere else? It sounds great but if there are bugs or security holes in that plug-in then it reflects poorly on my application.

What if I'm writing mission critical code? I don't want bugs from some third-party plug-in compromising my application.

I want to deploy an application rather than a platform, the customer is expecting an application, not a platform.

Writing changes to the startup.jar won't really solve the problem either, there's nothing stopping someone from copying another startup.jar into the application folder. Or even worse copying my plug-ins into another application.

There must be some way of validating/authenticating plug-ins.
Re: Extend RCP to restrict third party plugins [message #436668 is a reply to message #436666] Wed, 14 September 2005 13:56 Go to previous messageGo to next message
Neil Bartlett is currently offline Neil BartlettFriend
Messages: 93
Registered: July 2009
Member
If you don't want an open application, don't use an open application
framework :-)
Re: Extend RCP to restrict third party plugins [message #436671 is a reply to message #436668] Wed, 14 September 2005 14:46 Go to previous messageGo to next message
Peter Bracken is currently offline Peter BrackenFriend
Messages: 12
Registered: July 2009
Junior Member
> If you don't want an open application, don't use an
> open application
> framework :-)
>

That's a bit defeatist isn't it? ;-)

It's something that could maybe even should be implemented in Eclipse. I'd rather implement it and submit a patch if it doesn't exist than walk away from it.
Re: Extend RCP to restrict third party plugins [message #436672 is a reply to message #436671] Wed, 14 September 2005 15:17 Go to previous messageGo to next message
Neil Bartlett is currently offline Neil BartlettFriend
Messages: 93
Registered: July 2009
Member
Sorry I was being a little flippant, although I do believe that you should
be a little less paranoid about users extending your application. 3rd
party extensibility is what made Eclipse IDE such a success, after all.

You might want to look at the security effort that's going on at the
moment in the Equinox project. They're currently looking at the
requirements for locking out plugins based on user roles. In the future
that may include code signing for plugins or something like that.

For something that works now, you could deploy your application with Java
Web Start. I don't know if that be a viable choice for you, but if you
deploy an RCP application via JWS (and don't supply the Update Manager
with it) then the users will only ever get the plugins that you prescribe.

-Neil
Re: Extend RCP to restrict third party plugins [message #436675 is a reply to message #436672] Wed, 14 September 2005 16:09 Go to previous messageGo to next message
Peter Bracken is currently offline Peter BrackenFriend
Messages: 12
Registered: July 2009
Junior Member
Thanks, Equinox looks interesting.

You can't be too paranoid :) Seriously though, I think it's something that would definetely benefit RCP's uptake in the industry. Not everyone wants to write Open software. It may be over-paranoid alright but for industries like Automation/Legal/Pharmaceutical etc it may be a requirement.

You don't want a badly written third-party plug-in to be responsible for halting a production line costing thousands per minute.
Re: Extend RCP to restrict third party plugins [message #436684 is a reply to message #436675] Wed, 14 September 2005 22:16 Go to previous messageGo to next message
Alex Blewitt is currently offline Alex BlewittFriend
Messages: 946
Registered: July 2009
Senior Member
If you're really serious about wanting to restrict items, what about using plain old file permissions? Just have the plugins/ folder writable only by an administrator group, but readable to the rest of the world. That way, no-one can add other items into it, which looks like what you want to do.

Of course, if you just want to use some of Eclipse's functionality (like SWT or JFace) then you could just bundle those Jars and leave out the plugin frameworks.

If you really want to add boot-time checking to a system, then you could always modify Startup.jar. An easier, but potentially less secure, workaround would be to modify your initial plugins to do a search of the IExtensionRegistry to find all known plugins, and then abort if the plugins aren't found.

But frankly, I think you're going to get a lot more calls like 'Eclipse won't start up because it's complaining about an unknown plugin' rather than 'The plugin made it crash' :-) Don't forget that Eclipse has multiple configurations, even with Update Manager, and you can get them to roll back to a last-known-good configuration in a matter of minutes.
Re: Extend RCP to restrict third party plugins [message #436690 is a reply to message #436684] Thu, 15 September 2005 03:35 Go to previous messageGo to next message
Jeff McAffer is currently offline Jeff McAfferFriend
Messages: 104
Registered: July 2009
Senior Member
The usecase of locking down an Eclipse configuration is real. We get asked
about it from several different communities. So, what can you do about it?

1) If your app is small (i.e., few plugins) and you don't want update
technology, simply don't include org.eclipse.update.configurator in your
distribution. This is the guy who helpfully discovers and installs the
random plugins you mention.

2) If your app is bigger but you still don't want to use update, you can
write your own configurator. The code is pretty easy (see EclipseStarter
where is handles the osgi.bundles list for an example of installing bundles
in code). Here you can literally do anything you want. Fetch plugins from
a server, install, uninstall, ...

3) if you want to use update technology but don't want the auto discovery
right now the only way to do that is to mark the <site> with the
MANAGED-ONLY policy in the platform.xml. Normally apps do not ship with a
platform.xml as the configurator will automatically discover
plugins/features and create the file for you. In this case you simply ship
your app with a preconfigured file in confgiruation/org.eclipse.update.
There is some interesting reference doc in the help (search for
"platform.xml")

There may be some more but that covers the main ones.

Going forward we are pressing on several fronts. As pointed out, the
Equinox project is looking at various security issues. We hope to have some
login based provision technology in 3.2.

As always, your thoughts and contributions are more than welcomed.
Especially in the area of security.

Jeff


"Alex Blewitt" <alex_blewitt@yahoo.com> wrote in message
news:3336516.1126736218234.JavaMail.root@cp1.javalobby.org...
> If you're really serious about wanting to restrict items, what about using
plain old file permissions? Just have the plugins/ folder writable only by
an administrator group, but readable to the rest of the world. That way,
no-one can add other items into it, which looks like what you want to do.
>
> Of course, if you just want to use some of Eclipse's functionality (like
SWT or JFace) then you could just bundle those Jars and leave out the plugin
frameworks.
>
> If you really want to add boot-time checking to a system, then you could
always modify Startup.jar. An easier, but potentially less secure,
workaround would be to modify your initial plugins to do a search of the
IExtensionRegistry to find all known plugins, and then abort if the plugins
aren't found.
>
> But frankly, I think you're going to get a lot more calls like 'Eclipse
won't start up because it's complaining about an unknown plugin' rather than
'The plugin made it crash' :-) Don't forget that Eclipse has multiple
configurations, even with Update Manager, and you can get them to roll back
to a last-known-good configuration in a matter of minutes.
Re: Extend RCP to restrict third party plugins [message #436713 is a reply to message #436690] Thu, 15 September 2005 07:49 Go to previous messageGo to next message
Peter Bracken is currently offline Peter BrackenFriend
Messages: 12
Registered: July 2009
Junior Member
Thanks Jeff!
Re: Extend RCP to restrict third party plugins [message #436733 is a reply to message #436690] Fri, 16 September 2005 07:10 Go to previous messageGo to next message
Charles H Martin is currently offline Charles H MartinFriend
Messages: 79
Registered: July 2009
Member
For me, I would want to simply obfuscate my plugin to keep someone from reverse engineering or modifying my specific intent

Is that not enough for your needs?
Re: Extend RCP to restrict third party plugins [message #436735 is a reply to message #436733] Fri, 16 September 2005 08:07 Go to previous messageGo to next message
Peter Bracken is currently offline Peter BrackenFriend
Messages: 12
Registered: July 2009
Junior Member
Not really, that just protects your IP, there's still nothing stopping anyone from plugging in unauthorized plugins into your application.

In fact obfuscation is another problem area in RCP. It's very difficult to obfuscate because there are so many references to classes from the plugin manifest. An Eclipse plug-in to handle obfuscation in RCP applications would be sweet.
Re: Extend RCP to restrict third party plugins [message #436767 is a reply to message #436735] Sat, 17 September 2005 23:23 Go to previous message
Charles H Martin is currently offline Charles H MartinFriend
Messages: 79
Registered: July 2009
Member
> Not really, that just protects your IP, there's still
> nothing stopping anyone from plugging in unauthorized
> plugins into your application.
>
> In fact obfuscation is another problem area in RCP.
> It's very difficult to obfuscate because there are so
> many references to classes from the plugin manifest.
> An Eclipse plug-in to handle obfuscation in RCP
> applications would be sweet.

I have found it very time consuming to get a stable, increnmentally obfuscated set of plugins
Previous Topic:KeyListeners
Next Topic:[nb] Open a view inside a view
Goto Forum:
  


Current Time: Thu Dec 26 21:08:35 GMT 2024

Powered by FUDForum. Page generated in 0.06435 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top