Java, Secure Development and other IT related Thoughts
-
From Actions to Commands
I moved from Actions to Commands lately for all XML Security Tools operations. Except some removed icons, the XML Security context menu doesn't look much different. So why all the work (or trouble)? Well, Commands are much cooler: clean separation of UI and business logic, and therefore reusable. Yes, it's possible to reuse Actions too,…
-
JCrypTool 1.0.0 Milestone 5 available
JCrypTool 1.0.0 Milestone 5 is finally available for Linux, Mac and Windows systems on our download page. Be aware that it is not possible to use the update manager in Milestone 4a or older to update to the new version. We are sorry for the inconvenience, but there are more changes included in Milestone 5…
-
Running an Eclipse RCP on Mac OS X Snow Leopard
Since I have updated to Snow Leopard lately I ran into the JVM 64 bit problem. SWT is simply not available for Mac OS X with 64 bit. This hit me when launching JCrypTool the first time after updating. The solution to fix this is to add -d32 as a VM argument for in the…
-
Eclipse RCP – exporting for multiple platforms
In case you want to deploy a feature based RCP for more than one platform (with the delta pack): Do not forget to add the org.eclipse.rcp feature either as included feature to one of your features or add it directly to your product configuration. The org.eclipse.rcp feature includes all the platform dependent plug-ins and fragments…
-
Apache Santuario 1.4.3 available
Version 1.4.3 of Apache XML Security (Santuario) is available. In case you do use this API you should update as soon as possible to the new release. This release doesn't provide any new features, but includes a lot of bug fixes, including a correction for the relatively serious security vulnerability that has been discovered lately.
-
HMAC truncation authentication bypass in XML Signature
There is a vulnerability with XML Signatures. The W3C recommendation includes support for HMAC truncation, as specified in RFC2104. The thing is, this support is not complete: The RFC does not allow truncation to less than half of the length of the hash output or less than 80 bits (whatever comes first). The XML Signature…
-
Using Eclipse SWT.SEARCH
After reading Prakash G.R. great blog posts (here and here) about the Eclipse search field I have submitted some updates to the algorithm search in JCrypTool. And noticed some additional things which are in my eyes quite important when using SWT.SEARCH. What happens in JCrypTool when using the algorithm search is that the Algorithm view…
-
JCrypTool milestone 5 development update
It’s been a while since I last blogged about the upcoming JCrypTool milestone 5. Time for an update. Milestone 5 is still scheduled for end of July/ beginning August. No exact date yet, still too far away. New implemented features up to today are a web browser plug-in and a lot of extensions to existing…
-
Eclipse help and the dynamic help view
Writing help files for an Eclipse RCP is easy. Help content is simply provided as normal html files. And of course it is possible to format the html code using css. The problem now is, that help view and help browser use the same css, but the view is of course much smaller. To solve…
-
Integrating help in an Eclipse Rich Client Platform
Integrating help into an Eclipse RCP does not require a lot of work. Simply use the ActionFactory to add the help menu item to an existing menu in your ApplicationActionBarAdvisor class: IWorkbenchAction helpAction = ActionFactory.HELP_CONTENTS.create(window); // in makeActions(IWorkbenchWindow window) register(helpAction); // registration is required menu.add(helpContentAction); // add it to the desired menu And voilà, the…