|[p2-dev] Automatic Proxy detection, a feature or a security issue?|
I got this email from Miles who is at Morgan Stanley. He's not particularly fond of the new automatic proxy detection that apparently was introduced in Eclipse 3.5.
Can anybody on this list answer his question in the last paragraph? Not sure this is the right forum but at the end, it's all about provisioning.
When I run a fresh install of 3.5.0 classic on windows it queries my environment for proxy information and turns this on by default. (In Window > Preferences > Network Connections I see an 'Active Providers' drop down. 'Native' is selected.) This means that the IDE is capable of installing and updating software from outside the firm firewall by default. Firm security policies prohibit employees from doing this. We therefore need to keep our users trapped behind the firewall.
Even if we configure our installs so that proxying is not enabled by default this new feature makes it very easy for our users to switch proxying on. In the past they would have to know the address of a proxy server, which was not common knowledge. Now they just have to select the Native provider in the Network Connections preferences.
Do you know if there is a way in which this new feature can be uninstalled or switched off? It is going to make it much more likely that people may intentionally or inadvertently go against firm policy - which is highly undesirable.