[Koha-bugs] [Bug 7804] Add Koha Plugin System
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Mon May 21 22:36:50 CEST 2012
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=7804
--- Comment #22 from Kyle M Hall <kyle.m.hall at gmail.com> ---
(In reply to comment #21)
> I've done some more thinking about the security implications of the plugin
> system. I think the following are required for this to be sufficiently
> secure for use:
> * Both a syspref *and* a configuration setting in koha-conf.xml should be
> required to enable plugins, and both should be disabled by default.
> * Even when plugins are enabled, a separate koha-conf.xml configuration
> setting should be required to enable upload from the staff client.
> * The plugins should be loaded with Module::Load::Conditional, and each type
> of plugin (Tools, Reports, etc.) should use a different interface. e.g.
> Koha::Plugin::Foobar->run_report() and Koha::Plugin::Foobar->run_tool()
> * The plugin host should enable mandatory taint checking.
> * Under no circumstances should the plugin feature add a +Exec directory.
I can understand the configuration setting requirements. However, I cannot
understand how to use Module::Load::Conditional, even after looking at the
example patch you pointed me to. I don't feel it is quite fair to require the
use of a poorly documented perl module. Can you please justify these
requirements?
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list