https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23890 Bug ID: 23890 Summary: Plugins that utilise possibly security breaching hooks should warn Change sponsored?: --- Product: Koha Version: master Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 - low Component: Tools Assignee: koha-bugs@lists.koha-community.org Reporter: martin.renvoize@ptfs-europe.com QA Contact: testopia@bugs.koha-community.org Bug 22706 introduces a hook for plugins which would allow plugin authors to nefariously steal user credentials. We should implement a whitelist/blacklist approach for plugin hooks such that the end-user is warned about such possible issue upon plugin installation. Perhaps we should even implement something akin to access permissions as found on the android app store where you can grant specific rights to a plugin upon it first asking for said capability. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.