Bug 173413 - NetBeans keyring
NetBeans keyring
Status: RESOLVED FIXED
Product: platform
Classification: Unclassified
Component: Options&Settings
6.x
All All
: P2 (vote)
: 6.x
Assigned To: Jesse Glick
issues@platform
: API, API_REVIEW_FAST
Depends on: 178571 179839 181179 181707 182114 183068 183494 183618 185480
Blocks: 166648 171900 173093 173154 178165 178167 178168 178169 180119
  Show dependency treegraph
 
Reported: 2009-09-30 17:37 UTC by Jesse Glick
Modified: 2010-05-05 08:04 UTC (History)
7 users (show)

See Also:
Issue Type: ENHANCEMENT
:


Attachments
Current patch (128.65 KB, patch)
2009-12-04 14:34 UTC, Jesse Glick
Details | Diff
Kwallet support through qdbus (11.64 KB, patch)
2010-02-01 22:06 UTC, psychollek
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Jesse Glick 2009-09-30 17:37:45 UTC
There should be a common API in the Platform for securely persisting passwords and similar login credentials. Native
keyrings should be used where possible for the best user experience: Gnome Keyring, KDE KWallet, Mac OS X Keychain, TBD
on Windows (ideally whatever gets opened by fingerprint readers). If a native keyring is not available, passwords can be
kept in a -rw------- file in the userdir encrypted by a master password, similar to Firefox or Thunderbird.
Comment 1 Jesse Glick 2009-09-30 18:04:13 UTC
Various existing IDE features save passwords in the userdir in insecure ways, such as:

glassfish.properties#sjsas.password
config/Preferences/org/netbeans/modules/kenai/ui.properties#kenai.password
config/Databases/Connections/jdbc_derby___*.xml#/connection/password/@value
config/Preferences/org/netbeans/modules/uihandler.properties#Passwd

Others avoid saving passwords even when it would be helpful, such as Hudson servers.

Experimenting in patch branch: http://hg.netbeans.org/prototypes/rev/keyring-173413
Comment 2 Jesse Glick 2009-10-01 01:43:06 UTC
The equivalent feature in Eclipse 3.4:

http://update.eclipse.org/downloads/drops/R-3.4-200806172000/whatsnew3.4/eclipse-news-part3.html#equinox.security.storage

Gnome support already implemented. Mac OS X support should be possible using

http://developer.apple.com/mac/library/documentation/Security/Reference/keychainservices/Reference/reference.html

The closest Windows equivalent to a keyring according to

http://stackoverflow.com/questions/442923/windows-equivalent-of-os-x-keychain

looks to be Pstore, but this is read-only as of Vista and deprecated. Seems as of W2k you are supposed to use
CryptProtectData

http://msdn.microsoft.com/en-us/library/aa380252(VS.85).aspx#data_encryption_and_decryption_functions

and presumably store the result in an app-specific area such as NbPreferences.
Comment 3 Jesse Glick 2009-10-01 20:01:03 UTC
Win32 support now implemented. Platform-independent fallback support in progress. In use by the Hudson integration so far.
Comment 4 Jesse Glick 2009-11-19 16:11:41 UTC
Master password platform-independent fallback impl basically working, though it likely needs UI tuning. Mac Keychain support implemented.
Comment 5 Jesse Glick 2009-11-30 07:24:27 UTC
Consider org.eclipse.core.runtime.compatibility.auth interoperability.
Comment 6 Jesse Glick 2009-12-04 14:34:04 UTC
Please review this new API. Only seven simple methods in the API. No apichanges entries yet. Things that are implemented:

1. Storage of passwords in the Gnome keyring, for Gnome users (tested on Ubuntu).

2. Storage of passwords in the Mac OS X keychain, for Mac users.

3. Encryption of passwords using a login key, for Windows users.

4. Storage of passwords in the user directory protected by a configurable master password, for anyone who cannot use 1-3 (e.g. KDE users if no one writes a KWallet integration).

5. Use of keyring for Hudson server logins.

6. Use of keyring for NetBeans proxy settings.

7. Use of keyring for NetBeans internal HTTP authenticator (if anything is using this).

8. Use of keyring for exception reporter login.

9. Use of keyring for Kenai login.
Comment 7 Jesse Glick 2009-12-04 14:34:32 UTC
Created attachment 92152 [details]
Current patch
Comment 8 Jesse Glick 2009-12-11 10:48:12 UTC
core-main #a6e54ff61f93
Comment 9 Quality Engineering 2009-12-12 06:41:06 UTC
Integrated into 'main-golden', will be available in build *200912120559* on http://bits.netbeans.org/dev/nightly/ (upload may still be in progress)
Changeset: http://hg.netbeans.org/main/rev/a6e54ff61f93
User: Jesse Glick <jglick@netbeans.org>
Log: Issue #173413: create common API for managing user passwords in a secure keyring.
Comment 10 Vladimir Voskresensky 2010-01-12 07:31:02 UTC
Security question:
1) Keyring.read(key) is available for everyone
2a) master pwd dialog is displayed before a client's dialog is displayed => user doesn't know the reason who needs access to password
or 
2b) after opening keyring it is then opened for full IDE session
=> If I know keys used by important clients => someon can easily write in his plug-in the code to steal all passwords
right?
Comment 11 Jesse Glick 2010-01-12 08:29:20 UTC
Yes, of course. All NB modules are granted full permissions on the system; there is no applet-like security container. Regardless of any keyring API, module code can read your email, steal passwords from elsewhere in the JVM or other processes you ran, and so on. If you don't trust a module, don't run it.

The goal of this API is to permit modules to persist passwords to disk more securely than the previous option, which was to store them in cleartext or using only obfuscation.

(BTW for any problems you find, please open separate bugs blocking this one - do not reopen.)
Comment 12 Vladimir Voskresensky 2010-01-12 08:58:03 UTC
ok. thanks
Comment 13 psychollek 2010-02-01 22:06:27 UTC
Created attachment 93743 [details]
Kwallet support through qdbus

I created KWallet support - it works by calling qdbus command which is installed by default with any kde (on linux - I don't know about solaris - but propably dbus is not there) and most propably is not widely available otherwise.
Comment 14 Jiri Kovalsky 2010-04-06 12:58:25 UTC
Jesse, what do you think about Adam's patch from February 1st?
Comment 15 Jesse Glick 2010-04-06 14:39:11 UTC
(In reply to comment #14)
> what do you think about Adam's patch from February 1st?

Long since integrated; see bug #179839.
Comment 16 Jiri Kovalsky 2010-04-07 09:38:15 UTC
OK, thanks Jesse.


By use of this website, you agree to the NetBeans Policies and Terms of Use. © 2012, Oracle Corporation and/or its affiliates. Sponsored by Oracle logo