Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [tycho-user] Block unsigned jar in eclipse RCP
If you have a trusted platform enable java-security in the OSGi Platform and only give rights to trusted issuers.
If the platform is not trusted (aka can be modified by the user running it) the first thing a malicious user would do is disable any checks :-) 

Am 22.10.20 um 13:01 schrieb Guillaume Dufour:

Hello,
I want to block overwrite of some classes in an Eclipse RCP (OSGI) application. I sign all my jars but when i modify the SHA-256 in the manifest, the application start without problem.
As i see it's normal because OSGI don't check signature by default here : wiki.eclipse.org/JAR_Signing <https://wiki.eclipse.org/JAR_Signing>
Is it possible to force signature check on class loading in an Eclipse RCP on all jars or on some specific jars ? 

If not, how could I protect on code overwrite in java eclipse RCP world ?

For information all my code is already obfuscated and jars are signed.

I already post this on stackoverflow but without any reply :
https://stackoverflow.com/questions/64459897/block-unsigned-jar-in-eclipse-rcp <https://stackoverflow.com/questions/64459897/block-unsigned-jar-in-eclipse-rcp> 

Regards,
Guillaume

_______________________________________________
tycho-user mailing list
tycho-user@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/tycho-user

Back to the top