Cuberite Forum
My version of a plugin repository - Printable Version

+- Cuberite Forum (https://forum.cuberite.org)
+-- Forum: Plugins (https://forum.cuberite.org/forum-1.html)
+--- Forum: Plugin Discussion (https://forum.cuberite.org/forum-8.html)
+--- Thread: My version of a plugin repository (/thread-1591.html)

Pages: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23


RE: My version of a plugin repository - tonibm19 - 05-22-2015

Make a poll and we decide.
Democracy


RE: My version of a plugin repository - jan64 - 05-22-2015

As far as i can tell there is a partial consensus that the name change would be a good thing.
(I'm part of that camp, but pushing something that wasn't fully agreed upon doesn't sound good to me)


RE: My version of a plugin repository - Serial - 05-22-2015

I didn't read through all 10 pages so maybe it was already suggested but maybe instead of or including having the plugin repo's website hosted externally instead you link it internally to the built in CMS page and from there we login to our forum accounts and browse plugins it pulls the list of plugins from an external but secure location and click download/install on the plugins we choose and it downloads it directly in to the plugins folder no middle man and thus secure from fake plugins.


RE: My version of a plugin repository - tigerw - 05-24-2015

(05-22-2015, 07:10 AM)Serial Wrote: I didn't read through all 10 pages so maybe it was already suggested but maybe instead of or including having the plugin repo's website hosted externally instead you link it internally to the built in CMS page and from there we login to our forum accounts and browse plugins it pulls the list of plugins from an external but secure location and click download/install on the plugins we choose and it downloads it directly in to the plugins folder no middle man and thus secure from fake plugins.

If linked to the webadmin, it still needs to be hosted somewhere; as long as by a MCS person, it shouldn't be external.

Linkage to forum/GitHub logins could work, depending on how easily their password hashing can be replicated.

Providing a way to download directly to the Plugins folder from the server is definitely something for consideration, and shouldn't be to hard to add to the webadmin and repository.

What would you mean by middle man and fake plugins? The repository hosts what the plugin developer posts, and with HTTPS, what they uploaded should (at least) be what you download - in that sense, downloading using the browser or the webadmin should be the same. For malicious plugins, that would likely need policing of posts.

Hope that's helpful Smile



ThuGie and bearbin, the repository uses a SQL library for safer requests, would you like to verify that security is indeed improved? Reference: https://forum.cuberite.org/showthread.php?tid=1964&pid=20772#pid20772


RE: My version of a plugin repository - bearbin - 05-24-2015

The injection attacks do appear to be somewhat mitigated.


RE: My version of a plugin repository - Serial - 05-24-2015

(05-24-2015, 04:13 AM)tigerw Wrote: If linked to the webadmin, it still needs to be hosted somewhere; as long as by a MCS person, it shouldn't be external.

Linkage to forum/GitHub logins could work, depending on how easily their password hashing can be replicated.

Providing a way to download directly to the Plugins folder from the server is definitely something for consideration, and shouldn't be to hard to add to the webadmin and repository.

What would you mean by middle man and fake plugins? The repository hosts what the plugin developer posts, and with HTTPS, what they uploaded should (at least) be what you download - in that sense, downloading using the browser or the webadmin should be the same. For malicious plugins, that would likely need policing of posts.

Hope that's helpful Smile



ThuGie and bearbin, the repository uses a SQL library for safer requests, would you like to verify that security is indeed improved? Reference: https://forum.cuberite.org/showthread.php?tid=1964&pid=20772#pid20772

Yeah that's wicked all I really meant by 'hosted externally' was having to leave the local CMS and go to eg: repo.mc-server.org etc.. or even forums.mc-server.org (which is one of the place as you said malicious plugins could be obtained innocently especially if this hits off like it should being a far superior server software compared.) But yeah you explained everything if great detail and I hope to see the plugin page integrated into the local CMS to download from the repo it will be great and make the server even more powerful adding the ability to add/remove plugins at will (while leaving the configs behind even for future re-installation.)


RE: My version of a plugin repository - NiLSPACE - 05-25-2015

Should I create a link in the forum to the plugin repo? I would keep the 'Plugin Releases' subforum since allot of other plugins are still there.


RE: My version of a plugin repository - bearbin - 05-25-2015

Yep. That would be a good idea.


RE: My version of a plugin repository - jan64 - 05-25-2015

No offence, but i don't think the plugin repo is ready.
For once, we might want to either use a simple, or modern UI - what we have atm is REALLY fugly.


RE: My version of a plugin repository - NiLSPACE - 05-25-2015

That's why I named it Beta ^^