Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [tycho-user] Block unsigned jar in eclipse RCP

If you have a trusted platform enable java-security in the OSGi Platform and only give rights to trusted issuers.

If the platform is not trusted (aka can be modified by the user running it) the first thing a malicious user would do is disable any checks :-)

Am 22.10.20 um 13:01 schrieb Guillaume Dufour:

I want to block overwrite of some classes in an Eclipse RCP (OSGI) application. I sign all my jars but when i modify the SHA-256 in the manifest, the application start without problem.

As i see it's normal because OSGI don't check signature by default here : <>

Is it possible to force signature check on class loading in an Eclipse RCP on all jars or on some specific jars ?

If not, how could I protect on code overwrite in java eclipse RCP world ?

For information all my code is already obfuscated and jars are signed.

I already post this on stackoverflow but without any reply : <>


tycho-user mailing list
To unsubscribe from this list, visit

Back to the top