Stop Storing Atelier Credentials

Question

Question

David Crawford · Jun 14, 2018

As part of our security standards, we can't have our applications saving our credentials. For Atelier, this means our server connections. Is there a way to stop this by saving the connection parameters, but prompting for credentials on each run? Or is there another way?

Thank you

Discussion (6)0

Log in or sign up to continue

Robert Cemper · Jun 15, 2018

David,
I digged a little bit following your hint into Eclipse.

menu Windows / Prefernces (by user !) presented this image

and this is the content of storage_location

#Equinox secure storage version 1.0 #Fri May 25 19:54:27 CEST 2018 /com.intersystems.atelier.connmgr/ENS/port=\t,NTc3NzQ\= /com.intersystems.atelier.connmgr/ENS/ssl=\t,ZmFsc2U\= /com.intersystems.atelier.connmgr/2016-2/user=\t,cmNlbXBlcg\=\= /com.intersystems.atelier.connmgr/2016-2/pass=org.eclipse.equinox.security.windowspasswordprovider64bit\tw+5qObI6N8Y\=,FVLqyPMCkoqq6Q7jjl0Wyw\=\= /com.intersystems.atelier.connmgr/ENS/host=\t,bG9jYWxob3N0 /com.intersystems.atelier.connmgr/2016-2/ssl=\t,ZmFsc2U\= /org.eclipse.equinox.secure.storage/verification/org.eclipse.equinox.security.windowspasswordprovider64bit=org.eclipse.equinox.security.windowspasswordprovider64bit\tvhjCbjyiXyI\=,kN4AlU0D0lskPVn+ZkduJBzTJLtNI69y org.eclipse.equinox.security.preferences.keyFactory=PBEWithMD5AndDES /com.intersystems.atelier.connmgr/2016-2/port=\t,NTc3NzI\= /org.eclipse.equinox.secure.storage/windows64/encryptedPassword=\t,QVFBQUFOQ01uZDhCRmRFUmpIb0F3RS9DbCtzQkFBQUFITms3N0Z1ZTVVZTZuY1JuZUpLT0pnQUFBQUFRQUFBQVJRQnhBSFVBYVFCdUFHOEFlQUFBQUJCbUFBQUFBUUFBSUFBQUFMejUrdHB5MnVhUXVmWGIxNloyYm9kZGpNWFliNEFRdHBickJodnlwU0pPQUFBQUFBNkFBQUFBQWdBQUlBQUFBTHFOWmFFNUhnWTdBNytjRFhoQ1d5NVdIajJGcVJkVWNJTjVhS2l1NkVlQVlBRUFBSnRlODlWYWVkSFdLREh0OHY1aFhrc1NyL2RwaFVoWFV3V2RJNDdraXFhZk9RdVowK3ZVdUk4bzJFOUNwL2JtS2Q5YVc3WG9mN0YrQlBjOWhja0R1UXRWbzB3QkRuQkM4SW5MTWh1L2haVTNHRmhGODQxUEZSZHhOeDlVMmRjU0tFcXZtZEpVSXlQbjJZWWlEUWpMV2JnVEZ0Z1NlajVVV1RldUxPWEFUaXRSMDBqM1hTWjB0ZmlDK2ZlVE8rVEtIa3VkTnZXZGNBNS9UQ2gydDhOUEVWRHljd2F6WjVkK3IyOVdjS1BjVlNNaXFUTVZMR1FFdlB3M1ZPTUhhSVVUNTR4SEVOV3dncndJZ0J2S0JVU3NHVVVNSER2dE44MUJUNUEvVnc1TVR6VmMyNWkwUk4wandtRzUvSWJyaHhVSy81STFwanhaL0czRFJ1eGlZZWhpQkREM3JRTzdPSE5lVlRxdmk0bSt2cUxoQlUxYi9LcVNqSkNFMktLa2RGby9vaDRMeGJscHdhcHFOa09maURLZi8yVmpnTkd1UTRyVEJnVEIxSUpBRFA0TExZMWJyeUttV0dicE5adG1xRDBpVURCc3BQQ3FmOUh0L1BBSHV3a1lNUTFBQUFBQUkyS2RnYjVSajhXYmxSd0xXdGZZZndodmJ4eDFDR2tZYy9UNWI2eThLZFdrOUJSdTV6VzRneC9WTjVwemRTaVl0UjZnZVVBQmdHSkE0OVI3YXg5amxRPT0\= /com.intersystems.atelier.connmgr/ENS/user=\t,cmNlbXBlcg\=\= /org.eclipse.equinox.secure.storage/recovery/org.eclipse.equinox.security.windowspasswordprovider64bit/org.eclipse.equinox.security.internal.recovery.question2=\t,cHJlZmVycmVkIGJhbmQ\= /org.eclipse.equinox.secure.storage/recovery/org.eclipse.equinox.security.windowspasswordprovider64bit/org.eclipse.equinox.security.internal.recovery.question1=\t,bW90aGVyJ3MgbmFtZQ\=\=
/com.intersystems.atelier.connmgr/ENS/pass=org.eclipse.equinox.security.windowspasswordprovider64bit\tp9QyPCw3qvU\=,ZefLoWUenz48mT11jp1crA\=\=
org.eclipse.equinox.security.preferences.cipher=PBEWithMD5AndDES
/com.intersystems.atelier.connmgr/2016-2/host=\t,bG9jYWxob3N0
org.eclipse.equinox.security.preferences.version=1
/org.eclipse.equinox.secure.storage/recovery/org.eclipse.equinox.security.windowspasswordprovider64bit/org.eclipse.equinox.security.internal.recovery.password=org.eclipse.equinox.security.recoveryModule\tA0LP4JVoFdk\=,SzaccA06wSF+uh0AtcUhHwSgaGG6D2zZ1NOTJsm/ulkjaBmWAppasPrnkWJgOJb6C5insCpZcCyHKNPOOSKLXb1kuxkPDHo++9aEGbFxlbpmCO4p483ToK25KXgV0E+Gj5u4EPsHpsYvb4L4wAtyeESf0gZnbxKim3YqsFrim1SEuZKGoZH3QjYWxM0auPlFwnvgyK6RwfyznDbHvvWTtl4G3Hq4B1X3+cbqOdrkanDCjYFsQ2eutlddFe52AId+kqg1TplQL51PQFILIxHjg2LRmp2Qol321Oex7Oqk1iiddZmTeY/ToBTEzJCCdr1JbGIY5Pi3XJ3NRGyRF0rAsYC46+m6T3NmJsNid6I/V3t5BaOvFsxxfjfs9XXJ25RRWY6OiHbkp/dwsMaEMjy0zkEI3B4qvXOc7Gbf5wGyR9dXsqLEv2LzlDDY8Ne/kWU2v6J6S59EdU8\=

I doubt that without hijacking your (Windows ?) account this can NOT be misused.

2 0

score 0 · Answer 1 · 2018-06-14T17:08:06-04:00

suggested OTHER WAY.

Run Cache locally and connect to the server over ECP.
So Atelier does a local access and the rest follows your rules.
So your standards are observed.
Managing this config might be some extra effort.

score 0 · Answer 2 · 2018-06-15T10:29:52-04:00

Thank you for the suggestion, unfortunately we don't have the option of having local Cache installs. Perhaps if I knew more about how the credentials are stored that would help, or where they go?

I wonder if this is related:

https://help.eclipse.org/oxygen/index.jsp?topic=%2Forg.eclipse.platform.doc.user%2Freference%2Fref-securestorage-start.htm

score 1 · Answer 3 · 2018-06-18T09:09:16-04:00

David Crawford · Jun 18, 2018

Hey thanks for looking into the source! This should hopefully suffice for what we need.

1 0

score 2 · Answer 4 · 2018-06-15T13:10:36-04:00

I have checked the beta version of Atelier and I cannot see any way around this. Perhaps this should be added as a new feature request? As far as I know, the Atelier-plugin is closed source so you cannot extend it. You may be able to write your own connection adapter to achieve your goal but I am only speculating.

In the 'Server Explorer View' you must specify all of the fields. Your saved connections are also visible via the the Preferences > Security > Secure Storage then Contents tab and 'com.intersystems.atelier.connmgr'. These saved connections are mapped to your projects.

Personally, I would opt to create a master password for eclipse so that you are prompted for some kind of password during first launch. You can also tweak the encryption algorithm used to meet you security audit requirements. Alternatively, you can launch eclipse and pass in a password file and add the file location to your eclipse.ini file as described here. At least with secure storage, your passwords can be stored securely and not in plain text.

score 4 · Answer 5 · 2018-06-19T15:44:26-04:00

Another option would be to disable the OS-specific password provider for your secure storage. That way you will be asked for the master password each time Eclipse starts up.

You can do this from your Eclipse preferences by selecting General > Security > Secure Storage and unchecking the OS-specific option:

If the options laid out in this DC post do not meet your security standards you can feel free to reach out to Support. An advisor will be able to discuss your requirements in more depth and find you a solution that fits your needs.