[equinox-dev] SWORD4J Analyzed and Secured plugins in RCP platform

[jrosenth@xxxxxxxxxxxxxxxx]

Hi All,

This week a series of plugins analyzed
with the SWORD4J tool have been committed to the security branch of the
equniox-incubator.
( http://www.alphaworks.ibm.com/tech/sword4j
)

Below is the link to page on the equinox
security web site which shows the details :
http://www.eclipse.org/equinox/incubator/security/EJS/ejs.html

The web page lists which plugins are completed and why we made the changes
we made.  In addition these plugins now contain an OSGi permissions/perm
file as well.

Our testing to date has been mainly
to assure that these plugins function as they did before, WITHOUT the FrameworkSecurityManager
turned on.  We are only just beginning our testing with the FrameworkSecurityManager
turned on, so I expect we may be tweaking the permissions as we continue
our testing.

In addition we have a few more plugins
that we are still finishing the analysis of and will be posting very soon.

We are investigating posting "patches"
as well so you can easily see the code changes.

Jay R.
IBM Software Group
Workplace, Portal and Collaboration Software
Workplace Managed Client, Security

"Keep on dancin' through to daylight.
Greet the morning air with song.
No one's noticed, but the band's all packed and gone.
Was it ever here at all?" - Barlow, Weir