The Rhapsody IDE stores the details of trusted Rhapsody engines using a combination of the registry and the Windows® certificate store. Each Rhapsody engine has its own registry key stored under HKEY_CURRENT_USER\Software\Rhapsody\Rhapsody IDE 6\Engines, where the engine registry key is named after its hostname and port combination. For example, a Rhapsody engine with hostname rhap listening on port 3041 would have its details stored at HKEY_CURRENT_USER\Software\Rhapsody\Rhapsody IDE 6\Engines\rhap:3041.
Up to two registry values may be stored under each of these registry keys:
|
Name
|
Type
|
Description
|
|---|---|---|
| CertificateThumbprint | String | The SHA-1 thumbprint of the Rhapsody engine's SSL certificate. This is used to determine when the SSL certificate subsequently changes. |
| IgnoreHostnameCheck | DWORD | This value can be set to non-zero to indicate that the Rhapsody IDE should not verify that the hostname used to connect to the engine can be found in its SSL certificate. By default the hostname check is enabled unless the connection is to 'localhost' or '127.0.0.1'. |
The SSL certificates themselves are not stored in the registry, but are instead stored in the current user's Windows® certificate store in a section called Rhapsody IDE. These certificates are not actually consulted when authenticating a Rhapsody engine (the SHA-1 thumbprint is sufficient for that), but are stored so that they can be displayed to the user subsequently if the certificate changes, or if viewing them via the Rhapsody IDE Trust Manager. Consequently these certificates can be removed without affecting the authentication process.
As this information is just stored in the registry, the system administrator can populate the registry with the connection details of pre-authenticated engines. While these can be created in HKEY_CURRENT_USER, that would allow the user to modify those keys themselves. They can alternatively be created in HKEY_LOCAL_MACHINE so that a non-administrative user is unable to modify them.
The Rhapsody IDE actually retrieves the connection details for trusted Rhapsody engines from two of the following three locations:
HKEY_CURRENT_USER\Software\Rhapsody\Rhapsody IDE 6\Engines.HKEY_LOCAL_MACHINE\Software\Rhapsody\Rhapsody IDE 6\Engines(32-bit).HKEY_LOCAL_MACHINE\Software\Wow6432Node\Rhapsody\Rhapsody IDE 6\Engines(64-bit).
The connection details for 32-bit and 64-bit computers are stored in different locations. The relevant architecture here is the computer the Rhapsody IDE is running on, not the architecture the Rhapsody engine is running on.
Any connection details stored within HKEY_LOCAL_MACHINE are treated as read-only by the Rhapsody IDE and Rhapsody IDE Trust Manager (even if the current user happens to have administrative privileges on the local machine). In addition, if connection details are found in both HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE for the same Rhapsody engine, the read-only connection details in HKEY_LOCAL_MACHINE take precedence. Therefore, a non-administrative user cannot override the settings from the system administrator.