| How to authenticate contributing extension [message #604712] |
Wed, 17 February 2010 09:11  |
Eclipse User |
|
|
|
Hello,
I'm trying to find approaches to protecting the contributing extension I've created, so that it can not be spoofed or overridden. In this instance, I am building a licensing contributing architecture where my company needs to be the only one who can contribute extensions to the plug-ins. I'm trying to prevent someone from overriding the licensing mechanism to always return true when a license is requested - but, my company can have different licensing adapters, hence the need to have a contributing architecture.
I've looked around and found articles/forums on digitally signing jars, etc, but I can't find examples or discussions on how to verify that an extension is signed when getting the instance.
Are there better ways to guarantee that the contributing extension is authentic?
Kind regards,
Dave
|
|
|
| Re: How to authenticate contributing extension? [message #604729 is a reply to message #604712] |
Thu, 18 February 2010 07:59  |
| Eclipse User |
|
|
|
Its like "should i have the cake or eat it...".
Either you can have extendability or restrict ability...
you can not have both...
But in your case you need both(but i think it would be better to not use extensions for it)....
The solution can be...
You can have a getter method in your adapter interface
which returns a encrypted key value,which then can be authenticated by your main application...
off coarse your licensing adapter plugin should be obstruficated so that the key can not be retrieved...
--
---------------------
Regards,
Vijay
|
|
|
Powered by
FUDForum. Page generated in 0.26212 seconds
Home