https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20340 --- Comment #56 from David Cook <dcook@prosentient.com.au> --- (In reply to Martin Renvoize from comment #51)
(In reply to Fridolin SOMERS from comment #50)
have a granular set of permissions on the server What about adding to koha-conf.xml a boolean to allow or not uploading plugins ? If not allowed only system admin can add plugins.
My 2c
You can already enable and disable plugins entirely from koha-conf can't you.. I was thinking more having classifactions of plugins so you could allow a whitelist of supported ones for example.. or say.. all cataloguing plugins but not auth plugins.
I like the idea of a whitelist.
I think Fridolin was talking about leaving plugins enabled, but disabling the ability to upload via the Web UI. I've thought about doing this myself. A whitelist could be interesting. I also liked your mention earlier about signed plugins. One way of whitelisting could be to only allow plugins signed by keys you trust. I mean... that's how a lot of software installers already work, right? -- You are receiving this mail because: You are watching all bug changes.