Closed Phillipus closed 1 year ago
Use Eclipse's secure storage for passwords
The other alternative is to use our own encrypted property storage secured by a password. This would have to be manually unlocked on first use as we do in coArchi, and would need a bit of re-inventing of the wheel regarding setting/changing the primary password and so on. We get all of that for free with the Eclipse implementation.
@jbsarrodie WDYT?
@jbsarrodie WDYT?
I'm never in favor of re-inventing the wheel, so I would go for Eclipse's secure storage. My only remark is: would it be possible to force a secure storage provider (and some of its attributes) through Archi.ini
file, for the case where a "big company" wants to enforce some provider (e.g. primary password based) and options (e.g. minimum password lenght...) ?
would it be possible to force a secure storage provider (and some of its attributes) through Archi.ini
There are only two providers - the one that stores master password in keyring and the manual sign in with password one. You can select which one to use in prefs. This is written to a file in .config/.settings/org.eclipse.equinox.security.prefs
:
org.eclipse.equinox.security.preferences.cipher=PBEWithMD5AndDES
org.eclipse.equinox.security.preferences.disabledProviders=org.eclipse.equinox.security.windowspasswordprovider64bit
org.eclipse.equinox.security.preferences.keyFactory=PBEWithMD5AndDES
minimum password lenght
That isn't possible without writing your own provider which I think would be quite hard.
Actually it is possible to write your own Password provider. It would have to be a manually entered password type dialog but you could then check it for length etc:
You can select which one to use in prefs. This is written to a file in
.config/.settings/org.eclipse.equinox.security.prefs
:
Ok, so like with any preference, it should be possible to set the default value
Actually it is possible to write your own Password provider. It would have to be a manually entered password type dialog but you could then check it for length etc
Perfect ! Of course not needed at the moment, but good to know it is possible if really needed.
I've committed this to master branch now (and rebased archimate32
branch on top of it). There's a new "System" entry in Archi's Preferences dialog under which you can set net proxy, Secure Storage options and the default browser.
One more thing. Because the path to the Eclipse secure storage file (key ring) is set in Archi.ini
, you will need to launch Archi from Eclipse by clicking on the Launch link in the archi.product
file. This will effectively add the following to the Program Args in the Launch Configuration:
-eclipse.keyring @user.home/AppData/Roaming/Archi4/secure_storage
Otherwise Archi will use the one at ~/.eclipse/org.eclipse.equinox.security/secure_storage
At the moment we have custom secure credentials storage and proxy settings in coArchi. We need to implement secure credentials and proxy in Archi itself so that other plug-ins can use them.
Proposal is:
I've implemented this in the
security-proxy
branch.Eclipse's secure storage has a lot of advantages:
For reference - https://help.eclipse.org/latest/index.jsp?topic=/org.eclipse.platform.doc.user/reference/ref-securestorage-options.htm