[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[equinox-dev] SWORD4J Analyzed and Secured plugins in RCP platform


Hi All,

This week a series of plugins analyzed with the SWORD4J tool have been committed to the security branch of the equniox-incubator.
( http://www.alphaworks.ibm.com/tech/sword4j )

Below is the link to page on the equinox security web site which shows the details :
http://www.eclipse.org/equinox/incubator/security/EJS/ejs.html

The web page lists which plugins are completed and why we made the changes we made.  In addition these plugins now contain an OSGi permissions/perm file as well.


Our testing to date has been mainly to assure that these plugins function as they did before, WITHOUT the FrameworkSecurityManager turned on.  We are only just beginning our testing with the FrameworkSecurityManager turned on, so I expect we may be tweaking the permissions as we continue our testing.

In addition we have a few more plugins that we are still finishing the analysis of and will be posting very soon.

We are investigating posting "patches" as well so you can easily see the code changes.

Jay R.
IBM Software Group
Workplace, Portal and Collaboration Software
Workplace Managed Client, Security
"Keep on dancin' through to daylight.
Greet the morning air with song.
No one's noticed, but the band's all packed and gone.
Was it ever here at all?" - Barlow, Weir