[Koha-bugs] [Bug 23890] New: Plugins that utilise possibly security breaching hooks should warn

bugzilla-daemon at bugs.koha-community.org
Thu Oct 24 16:28:44 CEST 2019


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23890

            Bug ID: 23890
           Summary: Plugins that utilise possibly security breaching hooks
                    should warn
 Change sponsored?: ---
           Product: Koha
           Version: master
          Hardware: All
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P5 - low
         Component: Tools
          Assignee: koha-bugs at lists.koha-community.org
          Reporter: martin.renvoize at ptfs-europe.com
        QA Contact: testopia at bugs.koha-community.org

Bug 22706 introduces a hook for plugins which would allow plugin authors to
nefariously steal user credentials.

We should implement a whitelist/blacklist approach for plugin hooks such that
the end-user is warned about such possible issues upon plugin installation.

Perhaps we should even implement something akin to access permissions as found
on the Android app store where you can grant specific rights to a plugin upon
it first asking for said capability.

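
A sketch of the install-time check proposed in the report, added here as an example and not Koha code. The hook names, package names and the `sensitive_hooks_for` / `review_install` helpers are hypothetical placeholders, since the report does not name the hook introduced by Bug 22706.

```perl
use strict;
use warnings;

# Hypothetical denylist: hook name => reason shown to the administrator.
# These names are placeholders, not real Koha hook names.
my %SENSITIVE_HOOKS = (
    example_credential_hook  => 'receives user credentials',
    example_patron_data_hook => 'can read patron records',
);

# Sensitive hooks a plugin class implements, sorted by name.
# Note: can() only sees defined methods, not ones served through AUTOLOAD.
sub sensitive_hooks_for {
    my ($class) = @_;
    return grep { $class->can($_) } sort keys %SENSITIVE_HOOKS;
}

# Install decision. $granted is a hashref of hook names the administrator
# has explicitly approved (the permission-style model from the report).
sub review_install {
    my ( $class, $granted ) = @_;
    my @needs     = sensitive_hooks_for($class);
    my @ungranted = grep { !$granted->{$_} } @needs;
    return {
        class      => $class,
        warnings   => [ map { sprintf( "uses '%s' (%s)", $_, $SENSITIVE_HOOKS{$_} ) } @needs ],
        blocked_on => \@ungranted,
        allowed    => @ungranted ? 0 : 1,
    };
}

# Constructed sample plugins, for illustration only.
{ package Example::Plugin::Harmless; sub report { return 'ok' } }
{ package Example::Plugin::AuthHook; sub example_credential_hook { return 1 } }

for my $case (
    [ 'Example::Plugin::Harmless', {} ],
    [ 'Example::Plugin::AuthHook', {} ],
    [ 'Example::Plugin::AuthHook', { example_credential_hook => 1 } ],
) {
    my $r = review_install(@$case);
    printf "%s: %s\n", $r->{class}, $r->{allowed} ? 'install' : 'needs approval';
    print "  warning: $_\n" for @{ $r->{warnings} };
}
```

The warning is still listed once a hook has been approved, so the administrator sees which sensitive hooks a plugin uses even when installation is allowed.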