[equinox-dev] Secure Storage Javadoc Gotchas
Hi Folks,
I'm impressed by the new Secure Storage features as per
Trying to investigate these a little closer, I came across a few gotchas that I wanted to mention but was just too lazy to file individual bugzillas for them - so here you go:
org.eclipse.equinox.security.secureStorage extension point docs
- missing @since information, missing link to PasswordProvider class
PasswordProvider Javadocs
- missing hyperlink to secureStorage extension point
- missing link to ISecurePreferences
ISecurePreferences Javadocs
- missing hyperlink to PasswordProvider
How Secure is the default Secure Storage provided actually?
It says "Java Encryption is used" ... what encryption does it use? Where does the Password come from by default? What happens when a new password is generated, how and when is the user asked about the password? How secure is the storage against malicious plugins running inside the same OSGi session? I'd suppose they can easily retrieve any information once the session has been opened by (somebody)?
FYI, we're considering migrating the RSE Remote Password Support to secure preferences from our current keyring usage. We've filed this bug for it:
Are you aware of any other adopters, e.g. Platform Team/CVS, such that we could share experiences? Would you mind helping us get started? - On our side, integration should be fairly easy since only one impl class should be affected (PasswordPersistenceManager). What we're not yet sure about is whether we should migrate old passwords from Eclipse Keyring to the new Secure Storage.
Cheers,
--
Martin Oberhuber, Senior Member of Technical Staff, Wind River
Target Management Project Lead, DSDP PMC Member
Hello,
can someone please tell me if it is possible to generate the needed p2 metadata for "pure" bundles (no Eclipse plugins) in a local directory and how I would do this?
Thanks in advance for any help,
Michael