[Koha-bugs] [Bug 7804] Add Koha Plugin System
bugzilla-daemon at bugs.koha-community.org
Mon May 21 19:04:58 CEST 2012
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=7804
Jared Camins-Esakov <jcamins at cpbibliography.com> changed:
What    |Removed        |Added
----------------------------------------------------------------------------
Status  |Needs Signoff  |Failed QA
--- Comment #21 from Jared Camins-Esakov <jcamins at cpbibliography.com> ---
I've done some more thinking about the security implications of the plugin
system. I think the following are required for this to be sufficiently secure
for use:
* Both a syspref *and* a configuration setting in koha-conf.xml should be
required to enable plugins, and both should be disabled by default.
* Even when plugins are enabled, a separate koha-conf.xml configuration setting
should be required to enable upload from the staff client.
* The plugins should be loaded with Module::Load::Conditional, and each type of
plugin (Tools, Reports, etc.) should use a different interface, e.g.
Koha::Plugin::Foobar->run_report() and Koha::Plugin::Foobar->run_tool().
* The plugin host should enable mandatory taint checking.
* Under no circumstances should the plugin feature add a +Exec directory.
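One way to implement the gating listed in comment #21, as an added example that is not part of the original comment or of Koha's code. The syspref name `UseKohaPlugins`, the koha-conf.xml key `enable_plugins`, and the helpers `plugins_enabled` and `load_plugin` are hypothetical; only `Module::Load::Conditional`, `run_report`, `run_tool` and `Koha::Plugin::Foobar` come from the comment.

```perl
use strict;
use warnings;
use Module::Load::Conditional qw(can_load);

# Hypothetical mapping: each plugin type gets its own entry point, so a
# report plugin cannot be invoked through the tool interface or vice versa.
my %ENTRY_POINT = ( report => 'run_report', tool => 'run_tool' );

# Plugins run only when BOTH switches are on; a missing value counts as off.
# $syspref and $conf are plain hashes standing in for the system preference
# store and the parsed koha-conf.xml (key names are assumptions).
sub plugins_enabled {
    my ( $syspref, $conf ) = @_;
    return ( $syspref->{UseKohaPlugins} && $conf->{enable_plugins} ) ? 1 : 0;
}

# Returns the class name if the plugin may be called for $type, else undef.
sub load_plugin {
    my ( $name, $type, $syspref, $conf ) = @_;
    return unless plugins_enabled( $syspref, $conf );
    my $method = $ENTRY_POINT{ $type // '' } or return;

    # Allow-list the class name. The capture also untaints it when the
    # host runs under "perl -T", as the comment requires.
    my ($class) = ( $name // '' ) =~ /\A(Koha::Plugin::[A-Za-z_]\w*)\z/
        or return;

    # can_load returns false instead of dying when the module is missing.
    return unless can_load( modules => { $class => 0 } );
    return $class->can($method) ? $class : undef;
}

# Constructed sample input: settings and requests made up for this example.
my %pref_on = ( UseKohaPlugins => 1 );
my %conf_on = ( enable_plugins => 1 );
my @cases   = (
    [ 'Koha::Plugin::Foobar', 'report', \%pref_on, \%conf_on ],
    [ 'Koha::Plugin::Foobar', 'report', \%pref_on, {} ],        # conf off
    [ 'File::Temp',           'tool',   \%pref_on, \%conf_on ], # wrong namespace
    [ 'Koha::Plugin::Foobar', 'cron',   \%pref_on, \%conf_on ], # unknown type
);
for my $case (@cases) {
    my $class = load_plugin(@$case);
    printf "%-22s %-7s %s\n", $case->[0], $case->[1],
        defined $class ? "loaded, call via $ENTRY_POINT{ $case->[1] }" : 'refused';
}
```

The first case is refused as well unless a `Koha::Plugin::Foobar` module that implements `run_report` is installed in `@INC`.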