Security / Authentication for Plugin Architecture

I was thinking of several ways to ensure security in a plugin-based system. Now, when I say "Security", I mean the following:

a) How can plugin developers ensure that plugins are safe and secure to use on the Core platform?

b) How can plug-in developers ensure that the plugins used on their platform are "reliable", that is, that there is some way for us to know WHO has developed this plug-in (similar to what Facebook does with their API keys)?

c) How can developers control what changes the plugin will make to the user interface (if it is allowed at all)? For example, a plug-in that is allowed to customize the user interface and redirect the plug-in user to certain web pages leads the user to a phishing site.

I have my initial thoughts on this issue:

On a), I am considering whether the use of the Sandbox will be effective enough. Will this protect the plugin, say, for Direct DB calls to do some naughty things? Is it possible to restrict plug-in access to the local system without significantly affecting the functionality of the system? What are your ideas on this?

On b), I believe that Facebook-based authentication is the way to go. But wouldn't it be redundant for a small application ("Small" in the sense that it is smaller than Facebook or Jira)? Are there any other options?

On c), I will be honest and say that I have no idea how this can be implemented. Any opinions there?

So the question is how to ... implement security in the plugin architecture?


Source: https://habr.com/ru/post/1762748/

