Trusted Plugins in Lua
It is now over 60 days since the last post. This thread is closed.

Posted by: Xevira (11 posts)
Date: Mon 27 Feb 2006 05:54 PM (UTC)
Message:
As you know, you can modify the Lua sandbox to have "trusted" plugins. Well, I don't know about you, but some people that I've given plugins to aren't the sharpest knives in the drawer when it comes to technical changes, if you catch my meaning. Since there's no way (which there shouldn't be!) for a plugin to make itself trusted and many people that get plugins for Lua might rather not have to modify the sandbox, I propose a flag for plugins "Trusted", if it wouldn't be any trouble. This would be settable in the plugins dialog box either by a button or a right click menu, however it is done. A plugin marked this way would completely bypass the sandbox. Of course, plugins that aren't Lua would make this pointless, unless they had something that MUSHclient could filter, like denying VBscripts access to some things with the system. This could also be expanded to cover worlds as well.
I'm sure there are a number of reasons NOT to do this, but it doesn't hurt to make a suggestion.

Posted by: Nick Gammon, Australia (23,165 posts), Forum Administrator
Date: Reply #1 on Fri 03 Mar 2006 05:54 AM (UTC)
Message:
I think one of the reasons Windows has so many security problems is that they tried to make it too easy to use.
There is a trade-off between security and ease-of-use.
Having a simple checkbox that you could tick would tend to let naive users be fooled by a malicious plugin author because it would become the norm to "trust" everyone's plugin.
What things do you really need to do in a plugin that can't be done with the sandbox? If we disabled that, a plugin could:
- Delete files
- Rename files
- Read files
- Change files
- Execute any operating-system command
I don't think it is desirable to allow plugins to easily do that.
- Nick Gammon
www.gammon.com.au, www.mushclient.com
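
Added example, not part of the original thread and not MUSHclient's own sandbox script: a minimal allowlist sandbox in Lua showing how the capabilities listed in the reply above are withheld from a plugin unless the user's configuration names its ID as trusted. The plugin IDs, function names and probe chunk are hypothetical and constructed for illustration.

```lua
-- Added example; names are hypothetical. Lua 5.1 (setfenv) or 5.2+ (load env).

-- Trust is keyed by plugin ID in user-edited configuration, so a plugin
-- cannot add itself. Constructed sample ID.
local trusted_plugins = { ["trusted-sample-id"] = true }

-- Allowlist: no io, os.remove/rename/execute, dofile/loadfile/require, debug.
local safe_globals = { "assert", "error", "ipairs", "next", "pairs", "pcall",
                       "select", "tonumber", "tostring", "type" }
local safe_libs = { string = true, table = true, math = true,
                    os = { "time", "date", "clock", "difftime" } }

local function copy(src, names)
  local dst = {}
  if names == true then
    for k, v in pairs(src) do dst[k] = v end
  else
    for _, k in ipairs(names) do dst[k] = src[k] end
  end
  return dst
end

local function load_plugin(plugin_id, source)
  -- Precompiled chunks start with ESC and bypass source-level checks.
  if source:sub(1, 1) == "\27" then return nil, "bytecode refused" end
  if trusted_plugins[plugin_id] then
    return (loadstring or load)(source, plugin_id)   -- full environment
  end
  local env = copy(_G, safe_globals)
  for lib, names in pairs(safe_libs) do env[lib] = copy(_G[lib], names) end
  env._G = env
  if setfenv then                                    -- Lua 5.1
    local chunk, err = loadstring(source, plugin_id)
    if not chunk then return nil, err end
    return setfenv(chunk, env)
  end
  return load(source, plugin_id, "t", env)           -- Lua 5.2+, text only
end

-- Constructed plugin body that probes the capabilities listed above.
local probe = [[
  local function try(f) return (pcall(f)) end
  return { delete  = try(function() return os.remove("x.tmp") end),
           execute = try(function() return os.execute("echo hi") end),
           read    = try(function() return io.open("x.tmp") end),
           clock   = try(function() return os.clock() end) }
]]
local r = assert(load_plugin("untrusted-sample-id", probe))()
print(r.delete, r.execute, r.read, r.clock)
```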