The default encryption framework in Connectivity encrypts/decrypts an exported connection profile store file by using the encryption key spec that is read from a file embedded in the o.e.d.connectivity bundle. This could be a security vulnerability as the file containing the key spec is readily available to anyone who unpacks the open source bundle. This enhancement is to add a new extension point to allow adopters to extend the connection profile store encryption framework with a custom provider of javax.crypto.Cipher instances for files with a specified file extension. The existing default cipher provider will continue to be used if no cipher provider extension is registered for a file extension.
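An added example, not code from the attached patch or from the DTP project: a sketch of the kind of `javax.crypto.Cipher` provider the description has in mind, deriving the key from a passphrase supplied at run time instead of a key spec shipped in the bundle. The class name, method names and the salt/IV file layout are assumptions made for illustration; the real interface is defined in schema/cipherProvider.exsd.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;

// Hypothetical provider: names are illustrative, not the DTP extension interface.
public class PassphraseCipherProvider {
    private static final int SALT_LEN = 16, IV_LEN = 12, ITERATIONS = 210_000;
    private final char[] passphrase; // supplied at run time, never stored in the bundle

    public PassphraseCipherProvider(char[] passphrase) { this.passphrase = passphrase.clone(); }

    // Returns an initialised AES-GCM Cipher keyed by PBKDF2 over the passphrase.
    Cipher createCipher(int mode, byte[] salt, byte[] iv) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(passphrase, salt, ITERATIONS, 256);
        byte[] raw = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        spec.clearPassword();
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, new SecretKeySpec(raw, "AES"), new GCMParameterSpec(128, iv));
        return c;
    }

    // Output layout (constructed for this example): salt || iv || ciphertext+tag
    public byte[] encrypt(byte[] plain) throws GeneralSecurityException {
        byte[] salt = new byte[SALT_LEN], iv = new byte[IV_LEN];
        SecureRandom rnd = new SecureRandom();
        rnd.nextBytes(salt);
        rnd.nextBytes(iv); // fresh salt and IV for every exported file
        byte[] ct = createCipher(Cipher.ENCRYPT_MODE, salt, iv).doFinal(plain);
        return ByteBuffer.allocate(SALT_LEN + IV_LEN + ct.length).put(salt).put(iv).put(ct).array();
    }

    public byte[] decrypt(byte[] blob) throws GeneralSecurityException {
        if (blob.length < SALT_LEN + IV_LEN + 16) throw new GeneralSecurityException("truncated file");
        byte[] salt = Arrays.copyOfRange(blob, 0, SALT_LEN);
        byte[] iv = Arrays.copyOfRange(blob, SALT_LEN, SALT_LEN + IV_LEN);
        int off = SALT_LEN + IV_LEN;
        return createCipher(Cipher.DECRYPT_MODE, salt, iv).doFinal(blob, off, blob.length - off);
    }

    public static void main(String[] args) throws Exception {
        byte[] profile = "<profile name=\"demo\"/>".getBytes(StandardCharsets.UTF_8); // constructed sample
        byte[] blob = new PassphraseCipherProvider("correct horse".toCharArray()).encrypt(profile);
        System.out.println(Arrays.equals(profile,
                new PassphraseCipherProvider("correct horse".toCharArray()).decrypt(blob)));
        try { new PassphraseCipherProvider("wrong".toCharArray()).decrypt(blob); }
        catch (AEADBadTagException e) { System.out.println("wrong passphrase rejected"); }
    }
}
```

Because the key never exists in the distributed bundle, unpacking the plug-in no longer yields what is needed to decrypt an exported store, and the GCM tag makes a wrong key or a modified file fail instead of decrypting to garbage.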
Created attachment 203881: Patch for the new cipherProvider extension point
The attached Git patch adds a new cipherProvider extension point to allow adopters to extend the connection profile store encryption framework. See the schema/cipherProvider.exsd for the schema definition and documentation.
Linda, the patch looks fine to me. This has been something we wanted to do for many years, so I'm good with the idea. :)
Thanks Fitz for the review. Committed the contribution of the new org.eclipse.datatools.connectivity.cipherProvider extension point. Tagged with v201109241211. Git commit log: http://git.eclipse.org/c/datatools/org.eclipse.datatools.connectivity.git/commit/?id=953a7dd55c8ec2ef256dd61877b1614b6c2f2eb3
Fixed backward compatibility in internal SecurityManager methods. Also upgraded the Profile Console Application to adopt the newly extendable encryption framework. Tagged with v201109250955. Git commit log: http://git.eclipse.org/c/datatools/org.eclipse.datatools.connectivity.git/commit/?id=232beda86deccf8decb862f37df424f0256a68de