My version of a plugin repository
#91
Make a poll and we decide.
Democracy
Reply
Thanks given by:
#92
As far as i can tell there is a partial consensus that the name change would be a good thing.
(I'm part of that camp, but pushing something that wasn't fully agreed upon doesn't sound good to me)
Reply
Thanks given by:
#93
I didn't read through all 10 pages so maybe it was already suggested but maybe instead of or including having the plugin repo's website hosted externally instead you link it internally to the built in CMS page and from there we login to our forum accounts and browse plugins it pulls the list of plugins from an external but secure location and click download/install on the plugins we choose and it downloads it directly in to the plugins folder no middle man and thus secure from fake plugins.
Reply
Thanks given by:
#94
(05-22-2015, 07:10 AM)Serial Wrote: I didn't read through all 10 pages so maybe it was already suggested but maybe instead of or including having the plugin repo's website hosted externally instead you link it internally to the built in CMS page and from there we login to our forum accounts and browse plugins it pulls the list of plugins from an external but secure location and click download/install on the plugins we choose and it downloads it directly in to the plugins folder no middle man and thus secure from fake plugins.

If linked to the webadmin, it still needs to be hosted somewhere; as long as by a MCS person, it shouldn't be external.

Linkage to forum/GitHub logins could work, depending on how easily their password hashing can be replicated.

Providing a way to download directly to the Plugins folder from the server is definitely something for consideration, and shouldn't be to hard to add to the webadmin and repository.

What would you mean by middle man and fake plugins? The repository hosts what the plugin developer posts, and with HTTPS, what they uploaded should (at least) be what you download - in that sense, downloading using the browser or the webadmin should be the same. For malicious plugins, that would likely need policing of posts.

Hope that's helpful Smile



ThuGie and bearbin, the repository uses a SQL library for safer requests, would you like to verify that security is indeed improved? Reference: https://forum.cuberite.org/showthread.ph...2#pid20772
Reply
Thanks given by: Serial
#95
The injection attacks do appear to be somewhat mitigated.
Reply
Thanks given by:
#96
(05-24-2015, 04:13 AM)tigerw Wrote: If linked to the webadmin, it still needs to be hosted somewhere; as long as by a MCS person, it shouldn't be external.

Linkage to forum/GitHub logins could work, depending on how easily their password hashing can be replicated.

Providing a way to download directly to the Plugins folder from the server is definitely something for consideration, and shouldn't be to hard to add to the webadmin and repository.

What would you mean by middle man and fake plugins? The repository hosts what the plugin developer posts, and with HTTPS, what they uploaded should (at least) be what you download - in that sense, downloading using the browser or the webadmin should be the same. For malicious plugins, that would likely need policing of posts.

Hope that's helpful Smile



ThuGie and bearbin, the repository uses a SQL library for safer requests, would you like to verify that security is indeed improved? Reference: https://forum.cuberite.org/showthread.ph...2#pid20772

Yeah that's wicked all I really meant by 'hosted externally' was having to leave the local CMS and go to eg: repo.mc-server.org etc.. or even forums.mc-server.org (which is one of the place as you said malicious plugins could be obtained innocently especially if this hits off like it should being a far superior server software compared.) But yeah you explained everything if great detail and I hope to see the plugin page integrated into the local CMS to download from the repo it will be great and make the server even more powerful adding the ability to add/remove plugins at will (while leaving the configs behind even for future re-installation.)
Reply
Thanks given by:
#97
Should I create a link in the forum to the plugin repo? I would keep the 'Plugin Releases' subforum since allot of other plugins are still there.
Reply
Thanks given by:
#98
Yep. That would be a good idea.
Reply
Thanks given by:
#99
No offence, but i don't think the plugin repo is ready.
For once, we might want to either use a simple, or modern UI - what we have atm is REALLY fugly.
Reply
Thanks given by:
That's why I named it Beta ^^
Reply
Thanks given by:




Users browsing this thread: 2 Guest(s)