[dtp-pmc] Fw: Fixes for BZ 132556: Password visible in DB Driver Details - delivered

Delivered my changes to Connectivity for BZ 132556: Password visible in DB
Driver Details

Brian Fitzpatrick
Senior Software Engineer
Sybase, Inc.
e-mail: brianf@xxxxxxxxxx
Phone: x7362
----- Forwarded by Brian Fitzpatrick/SYBASE on 04/13/2006 09:32 AM -----
                                                                           
From: Sheila Sholars <sholars@xxxxxx.com>
Sent by: dtp-pmc-bounces@eclipse.org
Date: 04/13/2006 08:43 AM
To: dtp-pmc@xxxxxxxxxxx
cc:
Subject: Re: [dtp-pmc] Fixes for BZ 132556: Password visible in DB Driver Details (please review)
Please respond to: DTP PMC mailing list <dtp-pmc@eclipse.org>

+1 for using more of the Eclipse framework

Regards,
Sheila
From: jograham@sybase.com
Sent by: dtp-pmc-bounces@eclipse.org
Date: 04/13/2006 06:37 AM
To: DTP PMC mailing list <dtp-pmc@xxxxxxxxxxx>
cc:
Subject: Re: [dtp-pmc] Fixes for BZ 132556: Password visible in DB Driver Details (please review)
Please respond to: DTP PMC mailing list

+1 for this feature in Callisto.

Linda, Sheila:

Any thoughts or votes here?

Regards,
John Graham
Eclipse Data Tools Platform PMC Chair
Staff Software Engineer, Sybase, Inc.
http://dataplat.blogspot.com/




From: brian.fitzpatrick@sybase.com
Sent by: dtp-pmc-bounces@eclipse.org
Date: 04/12/2006 04:32 PM
To: dtp-pmc@xxxxxxxxxxx
cc:
Subject: [dtp-pmc] Fixes for BZ 132556: Password visible in DB Driver Details (please review)
Please respond to: DTP PMC mailing list <dtp-pmc@eclipse.org>

Hi all...

I would like permission from the DTP PMC to deliver fixes to Connectivity
for BZ 132556: Password visible in DB Driver Details.

The issue for this entry was that when you create a driver instance, the
default password is unmasked, but when you go to the profile and change the
password, it's masked.

To fix this, we could have simply made the password property for driver
instances a special case and indicated in the template XML that it should
be masked in the UI. Instead, we took this as an opportunity to provide a
more open framework for custom handling of driver properties.

If you look at the existing Edit Driver dialog (available when you create a
new driver instance or edit an existing one on the Preferences dialog on
the Connectivity -> Driver Definitions page), the bottom until now has been
a simple table with two rows - Name and Value -- since each driver instance
property is simply a name/value pair. This worked fine until we wanted to
provide a more flexible editor for the driver property.

So we have hosted an instance of the Eclipse Property Viewer at the bottom
of the Edit Driver dialog to replace the table that had been there.

This gives us many new abilities:

1) We can logically group properties into categories with collapsible
sections.

2) We can provide custom property descriptors for individual properties to
allow much more flexible editing. In the basic case, we provide
TextPropertyDescriptors, but for passwords we now have the ability to use a
PasswordTextPropertyDescriptor that masks the entry and display of the
property data in the UI. This is as flexible as the developer wants to be
-- one example I saw had a button as the editor, which popped up a custom
dialog to allow the user to edit that property in a more understandable
manner (I believe it was height/width of a button).

See the attached screen shot:

(Embedded image moved to file: pic01623.jpg)


These two new abilities are additions to the schema for the driverTemplate
extension point from Connectivity. We add two new attributes to the
property tag -- category and customPropertyDescriptor.

By default, all properties will appear in the "General" category unless the
developer specifies a category for each property. So for example, if the
developer wanted to group properties into "Required" and "Optional"
categories, they would do it in this manner.

The customPropertyDescriptor attribute points to a class that extends
org.eclipse.ui.views.properties.PropertyDescriptor. We have implemented a
PasswordTextPropertyDescriptor object
(org.eclipse.datatools.connectivity.ui.PasswordTextPropertyDescriptor),
which provides a property editor that masks the characters for a password
property. Users are free to use this class for their own password
properties or implement whatever custom Property Descriptor class they want
and use it in their driver template for whatever properties they'd like. Or
if they want to make the property values read-only, they can use
org.eclipse.ui.views.properties.PropertyDescriptor directly.

These changes are pretty minor to the driver framework and to the existing
driver templates for derby and the other sample driver templates.

Note the following limitations of this approach.

1) It does not actually encrypt the default password specified for the
driver instance. It hides it from the casual user.
2) The metadata file in which driver instances are stored in the workspace
is not encrypted in any way. Neither are the plugin.xml files where
developers will specify their driver templates.
3) The driver instances merely store default values for components that the
connection profile will then take and use.
4) If you want your driver instances to be secure, you should not specify
any authentication information (user name/password) in the driver instance.

Ultimately, this fix simply addresses an inconsistency in how passwords
were displayed to the user in the DTP/Connectivity UI and provides some
additional flexibility for grouping and editing driver instance properties.

Sorry this is so long winded!

Thanks for your time.
--Fitz

Brian Fitzpatrick
Senior Software Engineer/DTP-Connectivity Committer
Sybase, Inc.
e-mail: brianf@xxxxxxxxxx
(See attached file: pic01623.jpg)
[attachment "pic01623.jpg" deleted by John Graham/SYBASE]
_______________________________________________
dtp-pmc mailing list
dtp-pmc@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/dtp-pmc
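
An added example, not part of the original thread and not the DTP source for PasswordTextPropertyDescriptor: a sketch of a descriptor of the kind the message describes, masking both entry and display of a property value. The class name MaskedTextPropertyDescriptor and the fixed-width mask are assumptions; the constructor that the customPropertyDescriptor attribute requires is not stated in the thread.

```java
import org.eclipse.jface.viewers.CellEditor;
import org.eclipse.jface.viewers.ILabelProvider;
import org.eclipse.jface.viewers.LabelProvider;
import org.eclipse.jface.viewers.TextCellEditor;
import org.eclipse.swt.SWT;
import org.eclipse.swt.widgets.Composite;
import org.eclipse.ui.views.properties.TextPropertyDescriptor;

/**
 * Hypothetical descriptor (illustration only). It changes what the property
 * sheet shows; the value passed to and from the property source is still
 * cleartext, so anything persisted from it is stored unencrypted.
 */
public class MaskedTextPropertyDescriptor extends TextPropertyDescriptor {

    // Fixed width, so the rendered cell does not reveal the password length.
    private static final String MASK = "********";

    public MaskedTextPropertyDescriptor(Object id, String displayName) {
        super(id, displayName);
    }

    // Entry: the in-place cell editor echoes the platform password character.
    @Override
    public CellEditor createPropertyEditor(Composite parent) {
        CellEditor editor = new TextCellEditor(parent, SWT.SINGLE | SWT.PASSWORD);
        if (getValidator() != null) {
            editor.setValidator(getValidator());
        }
        return editor;
    }

    // Display: the cell shows a mask whenever a value is set, never the value.
    @Override
    public ILabelProvider getLabelProvider() {
        return new LabelProvider() {
            @Override
            public String getText(Object element) {
                String value = element == null ? "" : element.toString();
                return value.isEmpty() ? "" : MASK;
            }
        };
    }
}
```

Overriding only the editor would still leave the value readable in the property sheet cell once editing ends, which is why the label provider is overridden as well.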