Community
Participate
Working Groups
Currently (if I understand your coding correctly) the keyring password can be passed only by command line arguments. In my opinion, this poses a certain risk for intruders since eclipse commonly resides in a directory anybody can access, whereas the workspace could be directed to a location only the desired user and administrators have access to. It would add more safety to the platform if it would be possible to force a password popup lets say by a -passwordpopup command line argument. Additionally, if other plugins want to rely on the keyrings safety, it should be possible to find out whether a password has been set by the popup (or you just add it to the command line args after the popup has been confirmed). Since the keyring is used to store passwords for other systems (for instance: the password to access a CVS repository which might be a user password for a unix or windows system, or a database user password and the like) some applications might want to store their password only in the keyring if a password has been entered.
Looking further at your coding, I found an additional source of unsecurity. The data is stored in hashmaps within AuthorizationDatabase in clear text. In case of a memory dump it could be possible to read out protected data in almost clear text. Therefore I protect this data always with a generated random password and the java security API. I decrypt the data only where needed to local variables. Coding to do this could look like: /* * Created on 18.05.2004 * by Richard Birenheide (D035816) * * Copyright SAP AG 2004 */ package com.sap.ide.eclipse.rdebug.internal; import java.io.UnsupportedEncodingException; import java.security.Key; import java.security.spec.KeySpec; import java.util.Random; import javax.crypto.Cipher; import javax.crypto.SecretKeyFactory; import javax.crypto.spec.DESKeySpec; /** * Provides encryption and decryption based on a password given with the constructor. * <p> * @author Richard Birenheide (D035816) */ public final class Security { private Cipher ENCRYPTOR; private Cipher DECRYPTOR; /** * Standard constructor. Initializes the class with the password given. * <p> * @param pPassword the password. If password is null, a random password will * be generated. The password must be provided in UTF-8 encoding. */ public Security(String pPassword) throws Exception { byte[] password = null; if (pPassword != null) { try { password = pPassword.getBytes("UTF-8"); } catch (UnsupportedEncodingException e) { password = pPassword.getBytes(); } } else { Random random = new Random(); password = new byte[50]; random.nextBytes(password); } try { KeySpec keySpecFromPassword = new DESKeySpec(password); Key keyFromPassword = SecretKeyFactory.getInstance ("DES").generateSecret(keySpecFromPassword); ENCRYPTOR = Cipher.getInstance("DES"); ENCRYPTOR.init(Cipher.ENCRYPT_MODE, keyFromPassword); DECRYPTOR = Cipher.getInstance("DES"); DECRYPTOR.init(Cipher.DECRYPT_MODE, keyFromPassword); } catch (Exception ex) { ENCRYPTOR = null; DECRYPTOR = null; throw new Exception("Security class cannot be instantiated" , ex); } } /** * Encrypts the given String. * <p> * @param source the string to encrypt. Must be provided in UTF-8 encoding. * @return the encrypted string in bytes. In case the encoding is wrong, an * empty array is returned. */ public byte[] encrypt(String source) { try { return ENCRYPTOR.doFinal(source.getBytes("UTF-8")); } catch (Exception ex) { return new byte[0]; } } /** * Decrypts the given bytes. * <p> * @param source the bytes to decrypt. * @return the decrypted source. The decrypted bytes will be interpreted as * having UTF-8 encoding. In case decryption is not possible, an empty String * will be returned. */ public String decrypt(byte[] source) { try { byte[] decrypted = DECRYPTOR.doFinal(source); return new String(decrypted, "UTF-8"); } catch (Exception ex) { return ""; } } }
*** This bug has been marked as a duplicate of 22220 ***
