How to authenticate contributing extension? [message #515024]
Wed, 17 February 2010 09:11
| Dave Meurer
Registered: February 2010
I'm trying to find approaches to protecting the contributing extension I've created, so that it cannot be spoofed or overridden. In this instance, I am building a licensing contributing architecture where my company needs to be the only one who can contribute extensions to the plug-ins. I'm trying to prevent someone from overriding the licensing mechanism to always return true when a license is requested, but my company can have different licensing adapters, hence the need to have a contributing architecture.
I've looked around and found articles/forums on digitally signing jars, etc, but I can't find examples or discussions on how to verify that an extension is signed when getting the instance.
Are there better ways to guarantee that the contributing extension is authentic?
[Updated on: Wed, 17 February 2010 12:21]
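One way to do the check asked about above, added here as an example and not code from either poster or from Eclipse: open the contributing plug-in's JAR with signature verification enabled and accept it only if every content entry is signed by a pinned certificate. The class name, method names and the fingerprint placeholder are assumptions, and how the caller obtains the JAR path of the contributing plug-in is left open.

```java
import java.io.InputStream;
import java.security.CodeSigner;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.util.Collections;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

public final class ExtensionJarCheck {
    // Placeholder (assumption): lowercase hex SHA-256 of your signing certificate's DER encoding.
    static final String PINNED_CERT_SHA256 = "<sha256-of-your-signing-certificate>";

    /** True only if every content entry verifies and carries a signature from the pinned certificate. */
    public static boolean isSignedByVendor(String jarPath) throws Exception {
        int checked = 0;
        byte[] buf = new byte[8192];
        try (JarFile jar = new JarFile(jarPath, true)) {            // true = verify signatures
            for (JarEntry e : Collections.list(jar.entries())) {
                if (e.isDirectory() || isSignatureFile(e.getName())) continue;
                try (InputStream in = jar.getInputStream(e)) {
                    while (in.read(buf) != -1) { /* reading to EOF triggers digest verification */ }
                }
                if (!hasPinnedSigner(e.getCodeSigners())) return false;  // unsigned or foreign signer
                checked++;
            }
        } catch (SecurityException tampered) {                      // digest or signature mismatch
            return false;
        }
        return checked > 0;                                         // an empty JAR proves nothing
    }

    // MANIFEST.MF and the signature blocks directly under META-INF/ are not signed entries.
    private static boolean isSignatureFile(String name) {
        String n = name.toUpperCase(java.util.Locale.ROOT);
        return n.equals("META-INF/MANIFEST.MF") || (n.startsWith("META-INF/") && n.indexOf('/', 9) < 0
                && (n.endsWith(".SF") || n.endsWith(".RSA") || n.endsWith(".DSA") || n.endsWith(".EC")));
    }

    private static boolean hasPinnedSigner(CodeSigner[] signers) throws Exception {
        if (signers == null) return false;                          // entry is not signed at all
        for (CodeSigner s : signers) {
            Certificate leaf = s.getSignerCertPath().getCertificates().get(0);  // signer's own cert
            byte[] d = MessageDigest.getInstance("SHA-256").digest(leaf.getEncoded());
            StringBuilder hex = new StringBuilder();
            for (byte b : d) hex.append(String.format("%02x", b));
            if (hex.toString().equals(PINNED_CERT_SHA256)) return true;
        }
        return false;
    }
}
```

The check runs in the same JVM as the code it guards, so it stops a substituted or re-signed adapter JAR but not someone who modifies the host plug-in that performs the check.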
Re: How to authenticate contributing extension? [message #515304 is a reply to message #515024]
Thu, 18 February 2010 07:59
Registered: July 2009
It's like "should I have the cake or eat it...".
Either you can have extendability or restrict ability...
You cannot have both...
But in your case you need both (but I think it would be better to not use extensions for it)....
The solution can be...
You can have a getter method in your adapter interface
which returns an encrypted key value, which then can be authenticated by your main application...
Of course your licensing adapter plugin should be obfuscated so that the key cannot be retrieved...
why, mr. Anderson, why, why do you persist?
Because I Choose To.