| Re: [che-dev] Persist Theia plugin data in a Che workspace |
Looked at this a bit more.
@Mykola which APIs are you implementing exactly?
I guess you are on ExtensionContext.
ExtensionContext::globalState should return a Memento implementation that stores the data centrally.
ExtensionContext::workspaceState should return a Memento that can store the data on the workspace but we should
handle transparent encryption/decryption this data. I am not sure what was Sergii Leshchenko's suggestion that
Sergii referred to down to the thread but we need a way to encrypt/decrypt that data user specific way.
ExtensionContext::logPath and ExtensionContext:storagePath are locations on the Che workspace which were the ones
Thomas was referring to mostly.
IMHO if an extension is accessing those locations directly it is their responsibility to do the encryption.
This brings the questions how are the settings for user and workspace are handled at the moment?
Thanks,
Gorkem
On 15 Dec 2018, at 0:40, Oleksandr Garagatyi wrote:
I agree with Thomas. Compatibility with VS Code is quite critical.Every time I say someone that we are working on ability to grab VS code extension directly from the marketplace they are blown away.And secure workspace sharing comes with a price: you can’t store anything in files, you can’t store anything in environment variables. And now we do store a workspace token in environment variable, so invited user can find it. Apart from that, if user is in terminal of a workspace it is possible to catch memory of the IDE and find tokens even if they would be used per-action and not persisted anywhere.This leads us to the situation we have on OSIO - sharing is not secure.If we want to share workspaces we need to think through how it can be achieved and what are the drawbacks if any.--пт, 14 дек. 2018 г. в 08:29, Sun Tan <sutan@xxxxxxxxxx>:That's the point, we are reaching a point where usage from vscode/desktop is very different to how we could use it in Che/cloud--On Fri, Dec 14, 2018 at 4:28 PM <tmader@xxxxxxxxxx> wrote:That's the point...it's not just the github token, it's arbitrary files that may or may not contain information that is considered confidential. VSCode has the storage path at $HOME/.config/Code[ - Variant]/User/workspaceStorage/A vscode extension can put any type of file it wants there./Thomas_______________________________________________On Fri, 2018-12-14 at 16:04 +0100, Sun Tan wrote:also if we still just talk about the github token, it should be stored through all the workspaces. I cannot see a user having to reimport a token each time he create a new workspace ...On Fri, Dec 14, 2018 at 3:58 PM Sun Tan <sutan@xxxxxxxxxx> wrote:To me, if you take the Github token are personal andshould NOT be per workspaceSHOULD be per user
I cannot see how we could allow another user that has access to my workpace to use my github token
che-dev mailing list
che-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/che-dev
_______________________________________________Sun TAN
Senior Java Software Engineer
Eclipse Che - Openshift.io @ Red Hat
Paris JUG team memberMobile : +33 6 21 02 41 73
Email : sutan@xxxxxxxxxx
Email Paris JUG : sunix@xxxxxxxxxxxx
Blog: http://blog.sunix.org
twitter: @sunsengdavidtan
che-dev mailing list
che-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/che-dev
Oleksandr Garagatyi
_______________________________________________
che-dev mailing list
che-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/che-dev