https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20340 --- Comment #54 from David Cook <dcook@prosentient.com.au> --- (In reply to Alex Arnaud from comment #48)
I do understand this argument. I even agree that plugins (and not only authentication ones) could contain security issues. For "our" hosted libraries, we disabled writing permission on plugins directory. Looks like a tricky solution and we probably need a better one but it means that administrators have the final word.
That's really interesting to know. That's probably the most logical way to do it presently, but I agree that it would be nice to have a more elegant solution. I think that's the key thing I'd like to see come out of this discussion really.
IMO plugins are useful (even essential) to satisfy specific libraries requests and not to avoid community processes. i wrote this patch in order to create an authentication plugins that can request many LDAP backends and fallback on an other one. Seems too specific to be suggested to the community. To go further, as discussed above, i think we should consider generally LDAP, CAS etc... as specific feature that would become plugins (may be another debate).
I totally agree in theory. I would love to see all the authentication methods structured as plugins that can be added/removed as necessary, although I think it should be done by administrators rather than librarians.
To return to security topic: Today, many free plugable systems provide repositories with a large amount of plugins that have been reviewed, tested and validated by their community as safe. Users can easily download ones from other sources but they know it's at their own risk. Maybe we should be inspired by that.
I'd argue that "they know it's at their own risk" isn't necessarily true. It's like how many people sign contracts without reading them, or tick the "Terms and Conditions" box without reading the Terms and Conditions. People seem to just assume that nothing bad will ever happen to them. However, I like the sound of the plugins being reviewed, tested, and validated by their community. I recall there being an unwillingness to provide a repository for fear that it would create an "endorsement" of plugins by being in the repository, but... I think you're right. People read and trust reviews. If they had a centralized place for reviewing plugins, I think that could really build confidence in using them, and provide people without technical knowledge a source to make more informed decisions. -- You are receiving this mail because: You are watching all bug changes.