[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
|
[ease-dev] [GSoC Proposal] Add support to sign and verify scripts
|
This is a proposal for GSoC 2016, to add script signing support for EASE.
Currently we allow to run scripts from arbitrary locations. Typically
this will be the workspace or the local file system, but files may also
be consumed from the network or the internet. As such scripts have
access to a running JVM and therefore to the local file system, such
scripts may be harmful. Therefore we want to add some security to them.
Your task would be to add functionality that a user can sign scripts.
On script execution, script engines should check the origin of a script.
If it comes from a remote location, its signature should be verified
before running the script. In case the signature is invalid or missing,
execution should be denied. Preference settings should be added so users
may explicitly allow to run unsigned, foreign scripts.
Skills required for this task:
You should have experience in cryptography, signatures and the
signing/verification process.
Some eclipse UI experience would help as you need to provide new
preferences pages.
and of course you need to get acquainted to EASE.
If you think of applying for this task you should introduce yourself on
this mailing list. Further you should do a sample commit to EASE. This
could be a small donation to a JavaDoc comment in one of the source
files, so you do not need to fix code already. It will prove that you
are able to set up your development environment and that you are
familiar with the contributor workflow.
looking forward for your applications
cheers
Christian
