archimatetool / archi

Archi: ArchiMate Modelling Tool
https://www.archimatetool.com
MIT License

[Archi 5] Secure credentials and proxy settings #881

Closed Phillipus closed 1 year ago

Phillipus commented 1 year ago

At the moment we have custom secure credentials storage and proxy settings in coArchi. We need to implement secure credentials and proxy in Archi itself so that other plug-ins can use them.

Proposal is:

I've implemented this in the security-proxy branch.

Eclipse's secure storage has a lot of advantages:

For reference - https://help.eclipse.org/latest/index.jsp?topic=/org.eclipse.platform.doc.user/reference/ref-securestorage-options.htm

Phillipus commented 1 year ago

Use Eclipse's secure storage for passwords

The other alternative is to use our own encrypted property storage secured by a password. This would have to be manually unlocked on first use as we do in coArchi, and would need a bit of re-inventing of the wheel regarding setting/changing the primary password and so on. We get all of that for free with the Eclipse implementation.

@jbsarrodie WDYT?

jbsarrodie commented 1 year ago

@jbsarrodie WDYT?

I'm never in favor of re-inventing the wheel, so I would go for Eclipse's secure storage. My only remark is: would it be possible to force a secure storage provider (and some of its attributes) through the Archi.ini file, for the case where a "big company" wants to enforce some provider (e.g. primary password based) and options (e.g. minimum password length...)?

Phillipus commented 1 year ago

would it be possible to force a secure storage provider (and some of its attributes) through Archi.ini

There are only two providers - the one that stores master password in keyring and the manual sign in with password one. You can select which one to use in prefs. This is written to a file in .config/.settings/org.eclipse.equinox.security.prefs:

org.eclipse.equinox.security.preferences.cipher=PBEWithMD5AndDES
org.eclipse.equinox.security.preferences.disabledProviders=org.eclipse.equinox.security.windowspasswordprovider64bit
org.eclipse.equinox.security.preferences.keyFactory=PBEWithMD5AndDES
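
For administrators who want to check the preference file quoted above against a required provider and algorithm, here is an added example that is not part of the thread or of Archi's code. The policy values are hypothetical, the sample file is constructed from the three lines in the comment, and the comma-separated form of `disabledProviders` is an assumption.

```python
# Added example: the policy values are assumptions, not Archi or Eclipse defaults.
PREFIX = "org.eclipse.equinox.security.preferences."

# Hypothetical organisational policy (constructed for this example).
POLICY = {
    "allowed_algorithms": {"PBEWithHmacSHA256AndAES_256"},
    "must_disable": {"org.eclipse.equinox.security.windowspasswordprovider64bit"},
}

# Constructed sample: the three lines quoted in the thread plus a version header.
SAMPLE_PREFS = """\
eclipse.preferences.version=1
org.eclipse.equinox.security.preferences.cipher=PBEWithMD5AndDES
org.eclipse.equinox.security.preferences.disabledProviders=org.eclipse.equinox.security.windowspasswordprovider64bit
org.eclipse.equinox.security.preferences.keyFactory=PBEWithMD5AndDES
"""

def parse_prefs(text):
    """Parse the key=value lines of an Eclipse .prefs file, skipping comments."""
    prefs = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        prefs[key.strip()] = value.strip()
    return prefs

def audit(prefs, policy=POLICY):
    """Return a list of findings; an empty list means the file matches the policy."""
    findings = []
    for name in ("cipher", "keyFactory"):
        value = prefs.get(PREFIX + name)
        if value is None:
            findings.append(f"{name}: not set, so the runtime default applies")
        elif value not in policy["allowed_algorithms"]:
            findings.append(f"{name}: {value} is not in the allowed set")
    # Assumption: disabledProviders holds a comma-separated list of provider ids.
    raw = prefs.get(PREFIX + "disabledProviders", "")
    disabled = {p.strip() for p in raw.split(",") if p.strip()}
    for provider in sorted(policy["must_disable"] - disabled):
        findings.append(f"disabledProviders: {provider} is still enabled")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_prefs(SAMPLE_PREFS)):
        print(finding)
```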

Phillipus commented 1 year ago

minimum password length

That isn't possible without writing your own provider which I think would be quite hard.

Phillipus commented 1 year ago

Actually it is possible to write your own Password provider. It would have to be a manually entered password type dialog but you could then check it for length etc:

Password Provider

jbsarrodie commented 1 year ago

You can select which one to use in prefs. This is written to a file in .config/.settings/org.eclipse.equinox.security.prefs:

Ok, so like with any preference, it should be possible to set the default value.

Actually it is possible to write your own Password provider. It would have to be a manually entered password type dialog but you could then check it for length etc

Perfect! Of course not needed at the moment, but good to know it is possible if really needed.

Phillipus commented 1 year ago

I've committed this to master branch now (and rebased archimate32 branch on top of it). There's a new "System" entry in Archi's Preferences dialog under which you can set net proxy, Secure Storage options and the default browser.

Phillipus commented 1 year ago

One more thing. Because the path to the Eclipse secure storage file (key ring) is set in Archi.ini, you will need to launch Archi from Eclipse by clicking on the Launch link in the archi.product file. This will effectively add the following to the Program Args in the Launch Configuration:

-eclipse.keyring @user.home/AppData/Roaming/Archi4/secure_storage

Otherwise Archi will use the one at ~/.eclipse/org.eclipse.equinox.security/secure_storage