Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Eclipse Projects » Plugin Development Environment (PDE) » How to authenticate contributing extension?
icon5.gif  How to authenticate contributing extension? [message #515024] Wed, 17 February 2010 14:11 Go to next message
Dave Meurer is currently offline Dave Meurer
Messages: 2
Registered: February 2010
Junior Member
Hello,

I'm trying to find approaches to protecting the contributing extension I've created, so that it can not be spoofed or overridden. In this instance, I am building a licensing contributing architecture where my company needs to be the only one who can contribute extensions to the plug-ins. I'm trying to prevent someone from overriding the licensing mechanism to always return true when a license is requested - but, my company can have different licensing adapters, hence the need to have a contributing architecture.

I've looked around and found articles/forums on digitally signing jars, etc, but I can't find examples or discussions on how to verify that an extension is signed when getting the instance.

Are there better ways to guarantee that the contributing extension is authentic?

Kind regards,
Dave

[Updated on: Wed, 17 February 2010 17:21]

Report message to a moderator

Re: How to authenticate contributing extension? [message #515304 is a reply to message #515024] Thu, 18 February 2010 12:59 Go to previous message
Vijay Raj
Messages: 608
Registered: July 2009
Senior Member
Its like "should i have the cake or eat it...".

Either you can have extendability or restrict ability...
you can not have both...

But in your case you need both(but i think it would be better to not use extensions for it)....
The solution can be...
You can have a getter method in your adapter interface
which returns a encrypted key value,which then can be authenticated by your main application...
off coarse your licensing adapter plugin should be obstruficated so that the key can not be retrieved...


---------------------
why, mr. Anderson, why, why do you persist?
Because I Choose To.
Regards,
Vijay
Previous Topic:headless build issues/bugs
Next Topic:How to authenticate contributing extension
Goto Forum:
  


Current Time: Thu Oct 23 16:45:04 GMT 2014

Powered by FUDForum. Page generated in 0.02685 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software