Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [p2-dev] Automatic Proxy detection, a feature or a security issue?

Hi Stefan,
The way I understood it, it's a bit of both. The combination is what's causing the main headache. I know that Miles is willing to repackage the product if that's necessary but uninstalling the core.net bundles will of course not be possible for other reasons.

Regards,
Thomas Hallgren


Stefan Liebig wrote:
Hi Thomas,

The proxy provider are within the bundle
    org.eclipse.core.net_1.2.0.I20090522-1010.jar
and the fragement
    org.eclipse.core.net.win32.x86_1.0.0.I20080909.jar
for win32 native support.

I am not sure whether this can be uninstalled or switched off easily.

Is the security concern the fact that automatic proxying happens or that the users can see the proxy hosts data?

Tschüß,
Stefan

Thomas Hallgren wrote:
Hi,
I got this email from Miles who is at Morgan Stanley. He's not particularly fond of the new automatic proxy detection that apparently was introduced in Eclipse 3.5.

Can anybody on this list answer his question in the last paragraph? Not sure this is the right forum but at the end, it's all about provisioning.

Thanks,
Thoma Hallgren


Hi Thomas,
 
When I run a fresh install of 3.5.0 classic on windows it queries my environment for proxy information and turns this on by default. (In Window > Preferences > Network Connections I see an 'Active Providers' drop down. 'Native' is selected.) This means that the IDE is capable of installing and updating software from outside the firm firewall by default. Firm security policies prohibit employees from doing this. We therefore need to keep our users trapped behind the firewall.
 
Even if we configure our installs so that proxying is not enabled by default this new feature makes it very easy for our users to switch proxying on. In the past they would have to know the address of a proxy server, which was not common knowledge. Now they just have to select the Native provider in the Network Connections preferences.
 
Do you know if there is a way in which this new feature can be uninstalled or switched off? It is going to make it much more likely that people may intentionally or inadvertently go against firm policy - which is highly undesirable.
 
Regards,
 
Miles Daffin




_______________________________________________ p2-dev mailing list p2-dev@xxxxxxxxxxx https://dev.eclipse.org/mailman/listinfo/p2-dev


Back to the top