Hi Oleg,
thanks for all this information. Couple of comments and further
questions:
*
Runtime option for password: IMHO this is a no-no because simple
ps -ef on Linux will show the commandline that was used for launching
Eclipse, including the plaintext passwrd. It's one of the things I've
always disliked about the old Eclipse Keyring.
*
Runtime option for keyring location: I've always liked this one
because it allowed me to place my old Eclipse keyring into an NTFS
encrypted folder for added security, with rw access only for my user id
- an option that helps reducing the risk of "I copy your keyring and
apply brute force attacks to it" kinds of approaches.
*
Password recovery questions: When would those ever be used?
Arent't these vulnerable to Brute Force Dictionary attacks?
*
Trusted bundles: sounds interesting.
*
Password Provider Priorities: shouldn't the user be able to move
up / move down / enable / disable password providers by Preference
rather than just showing the fixed priorities?
*
[question added by oleg]: that's a bit of information which I
actually found in the docs ;-)
Cheers,
--
Martin Oberhuber, Senior Member of Technical Staff, Wind River
Target Management Project Lead, DSDP PMC Member
http://www.eclipse.org/dsdp/tm
_______________________________________________
equinox-dev mailing list
[email protected]
https://dev.eclipse.org/mailman/listinfo/equinox-dev
