RE: [equinox-dev] Secure Storage Javadoc Gotchas
Hi Oleg,
thanks for all this information. Couple of comments and
further questions:
- Runtime option for password: IMHO this is a no-no because a simple ps -ef
  on Linux will show the commandline that was used for launching Eclipse,
  including the plaintext password. It's one of the things I've always disliked
  about the old Eclipse Keyring.
- Runtime option for keyring location: I've always liked this one because
  it allowed me to place my old Eclipse keyring into an NTFS encrypted folder
  for added security, with rw access only for my user id - an option that helps
  reduce the risk of "I copy your keyring and apply brute force attacks to it"
  kinds of approaches.
- Password recovery questions: When would those ever be used? Aren't
  these vulnerable to Brute Force Dictionary attacks?
- Trusted bundles: sounds interesting.
- Password Provider Priorities: shouldn't the user be able to move up /
  move down / enable / disable password providers by Preference rather than just
  showing the fixed priorities?
- [question added by oleg]: that's a bit of information which I actually
  found in the docs ;-)
Cheers,
--
Martin Oberhuber, Senior Member of Technical Staff, Wind River
Target Management Project Lead, DSDP PMC Member