Plugins should support simple signing for security/verifiability
Hi all, I've just written a patch that adds simple signing for security/verifiability to Koha plugins: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24632. By default, it doesn't really do anything, but if you enable the "RequirePluginSignatures" system preference, you will only be able to upload Koha plugins which have been signed by a trusted Koha plugin author. When uploading a plugin, you'll also be prompted for a signature file, which you'll need to upload in order to successfully upload the plugin. Koha plugin authors can be trusted by uploading/importing their RSA signing public key into Koha. I've included all the possible information Koha users and Koha (plugin) developers could need into my test plan(s). Let me know how you go! I'd love to get feedback. I've been wanting to write this code for a long time, so I finally sat down for about 5 hours and just banged it all out. It's probably far from perfect, but it's functional and hopefully shouldn't add too much of a burden to users or developers. Cheers, David Cook Systems Librarian Prosentient Systems 72/330 Wattle St Ultimo, NSW 2007 Australia Office: 02 9212 0899 Online: 02 8005 0595
participants (1)
-
dcook@prosentient.com.au