From: Victor B. <vb...@gm...> - 2007-10-15 03:44:50
Hi Vincent, Van,

On 10/14/07, Van Tate Jr. <va...@pa...> wrote:
> It's really the nature of the beast when you start dealing with
> plugin/hooks type systems in web applications. As a security auditor for
> banks I can say with experience that the only way to -prevent- malicious
> code in plugins is to not implement plugins. The core application can only
> protect itself so much.
>
> Plugin systems, by their very nature in web apps, come with risk and they
> force the user to trust the specific developer of the plugin.
>
> On Sun, 14 Oct 2007, Vincent DEBOUT wrote:
>
> > I raised a security point on the wiki about the possibility to hack
> > Mantis with plugins. A plugin could be malicious code; we need to find
> > something to prevent that.

I agree with Van; plug-ins are made of PHP code and hence it would be very hard to limit what they do. I think it is up to the admin installing the plug-ins to decide whether to install 0 plug-ins, or plug-ins of just certain authors, or internally developed plug-ins.

What I am worried about more is the case where plug-ins are implemented that are less secure than the Mantis core code base. For example, printing data without escaping it or saving data to the database without escaping it. In this case the lack of security is unintentional. The way to work around that is through having good documentation for plug-in developers and ideally reviewing the code of the plug-ins that are included on the Mantis website.

Regards,
Victor
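The two unintentional plug-in defects Victor names above (printing data without escaping it, and saving it to the database without escaping it), each shown next to its fixed form, as an added illustration that is not Mantis code and not part of this thread; it uses plain PHP escaping and PDO parameter binding rather than Mantis's own helper functions, and the function names and the plugin_note table are hypothetical.

```php
<?php
// Added illustration (not Mantis code): the two unintentional plug-in defects
// from the thread, each next to its escaped form. Plain PHP is used instead
// of Mantis's own helpers; the function names and table are hypothetical.

// --- Vulnerable: echoes the value as-is, so markup in $note becomes HTML/JS.
function render_note_unsafe(string $note): string {
    return '<div class="note">' . $note . '</div>';
}

// --- Hardened: HTML-escape at the point of output (HTML body context).
function render_note_safe(string $note): string {
    return '<div class="note">'
        . htmlspecialchars($note, ENT_QUOTES | ENT_HTML5, 'UTF-8')
        . '</div>';
}

// --- Vulnerable: builds the SQL as a string, so a quote in $note changes the query.
function save_note_unsafe(PDO $db, int $bug_id, string $note): void {
    $db->exec("INSERT INTO plugin_note (bug_id, note) VALUES ($bug_id, '$note')");
}

// --- Hardened: bind values as parameters; the driver never parses them as SQL.
function save_note_safe(PDO $db, int $bug_id, string $note): void {
    $stmt = $db->prepare('INSERT INTO plugin_note (bug_id, note) VALUES (:bug_id, :note)');
    $stmt->bindValue(':bug_id', $bug_id, PDO::PARAM_INT);
    $stmt->bindValue(':note', $note, PDO::PARAM_STR);
    $stmt->execute();
}

// Constructed sample input, as a user might submit it through a plug-in form.
$sample = "O'Brien <b>said</b> <script>x()</script>";

// Rendered safely: the tags appear literally in the page instead of executing.
echo render_note_safe($sample), PHP_EOL;

// In-memory SQLite keeps the demo self-contained and offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE plugin_note (bug_id INTEGER, note TEXT)');
save_note_safe($db, 42, $sample);   // the apostrophe is stored intact, not interpreted
echo $db->query('SELECT note FROM plugin_note')->fetchColumn(), PHP_EOL;
```

Only the hardened functions are called; the unsafe ones are kept solely to show the line a reviewer of a submitted plug-in should flag.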