| Userid/Password cache? [message #6061] |
Fri, 16 February 2007 11:31  |
Eclipse User |
|
|
|
Originally posted by: paul.tamminga.charter.net
I'm curious about the userid/password cache that RSE uses. Our application
has a need for this capability and I'm wondering about the feasiblity of
re-using it.
Is it actually part of RSE or is it in the infrastructure?
Is it secure?
Does it have API/packaging to make it feasible to use just that part of
rse as an enabling component?
Can someone give me a hint about where to look for this mechanism in the
code?
Thanks.
|
|
|
| Re: Userid/Password cache? [message #6075 is a reply to message #6061] |
Mon, 19 February 2007 15:25  |
| Eclipse User |
|
|
|
Hi Paul,
RSE uses the Eclipse Platform's keyring for storing password
information. This is the same facility that's also used by the Eclipse
CVS Team provider and others. It's encrypted but not very secure (A CVS
dialog says: "Passwords are stored on your computer in a format that's
difficult, but not impossible for an intruder to read".
The main class in RSE to look at is PasswordPersistenceManager
(org.eclipse.rse.ui plugin). It uses Platform.getAuthorizationInfo()
which is also known as the Eclipse keyring.
The passwords themselves are stored in the Eclipse configuration area by
default, and they are "softly" encrypted with a default password. You
can slightly improve security by giving commandline parameters to
Eclipse on startup:
eclipse -keyring C:\mySecretFolder\mySecretFile -password myPassword
For more details, see
http://help.eclipse.org/help32/topic/org.eclipse.platform.do c.isv/reference/misc/runtime-options.html
Cheers,
--
Martin Oberhuber
Wind River Systems, Inc.
Target Management Project Lead, DSDP PMC Member
http://www.eclipse.org/dsdp/tm
|
|
|
| Re: Userid/Password cache? [message #566338 is a reply to message #6061] |
Mon, 19 February 2007 15:25 |
| Eclipse User |
|
|
|
Hi Paul,
RSE uses the Eclipse Platform's keyring for storing password
information. This is the same facility that's also used by the Eclipse
CVS Team provider and others. It's encrypted but not very secure (A CVS
dialog says: "Passwords are stored on your computer in a format that's
difficult, but not impossible for an intruder to read".
The main class in RSE to look at is PasswordPersistenceManager
(org.eclipse.rse.ui plugin). It uses Platform.getAuthorizationInfo()
which is also known as the Eclipse keyring.
The passwords themselves are stored in the Eclipse configuration area by
default, and they are "softly" encrypted with a default password. You
can slightly improve security by giving commandline parameters to
Eclipse on startup:
eclipse -keyring C:\mySecretFolder\mySecretFile -password myPassword
For more details, see
http://help.eclipse.org/help32/topic/org.eclipse.platform.do c.isv/reference/misc/runtime-options.html
Cheers,
--
Martin Oberhuber
Wind River Systems, Inc.
Target Management Project Lead, DSDP PMC Member
http://www.eclipse.org/dsdp/tm
|
|
|
Powered by
FUDForum. Page generated in 0.03420 seconds
Home