Make a poll and we decide.
Democracy
Democracy
My version of a plugin repository
|
Make a poll and we decide.
Democracy
05-22-2015, 06:07 AM
As far as i can tell there is a partial consensus that the name change would be a good thing.
(I'm part of that camp, but pushing something that wasn't fully agreed upon doesn't sound good to me)
I didn't read through all 10 pages so maybe it was already suggested but maybe instead of or including having the plugin repo's website hosted externally instead you link it internally to the built in CMS page and from there we login to our forum accounts and browse plugins it pulls the list of plugins from an external but secure location and click download/install on the plugins we choose and it downloads it directly in to the plugins folder no middle man and thus secure from fake plugins.
05-24-2015, 04:13 AM
(05-22-2015, 07:10 AM)Serial Wrote: I didn't read through all 10 pages so maybe it was already suggested but maybe instead of or including having the plugin repo's website hosted externally instead you link it internally to the built in CMS page and from there we login to our forum accounts and browse plugins it pulls the list of plugins from an external but secure location and click download/install on the plugins we choose and it downloads it directly in to the plugins folder no middle man and thus secure from fake plugins. If linked to the webadmin, it still needs to be hosted somewhere; as long as by a MCS person, it shouldn't be external. Linkage to forum/GitHub logins could work, depending on how easily their password hashing can be replicated. Providing a way to download directly to the Plugins folder from the server is definitely something for consideration, and shouldn't be to hard to add to the webadmin and repository. What would you mean by middle man and fake plugins? The repository hosts what the plugin developer posts, and with HTTPS, what they uploaded should (at least) be what you download - in that sense, downloading using the browser or the webadmin should be the same. For malicious plugins, that would likely need policing of posts. Hope that's helpful ThuGie and bearbin, the repository uses a SQL library for safer requests, would you like to verify that security is indeed improved? Reference: https://forum.cuberite.org/showthread.ph...2#pid20772 Thanks given by: Serial
05-24-2015, 04:25 AM
The injection attacks do appear to be somewhat mitigated.
05-24-2015, 05:08 AM
(05-24-2015, 04:13 AM)tigerw Wrote: If linked to the webadmin, it still needs to be hosted somewhere; as long as by a MCS person, it shouldn't be external. Yeah that's wicked all I really meant by 'hosted externally' was having to leave the local CMS and go to eg: repo.mc-server.org etc.. or even forums.mc-server.org (which is one of the place as you said malicious plugins could be obtained innocently especially if this hits off like it should being a far superior server software compared.) But yeah you explained everything if great detail and I hope to see the plugin page integrated into the local CMS to download from the repo it will be great and make the server even more powerful adding the ability to add/remove plugins at will (while leaving the configs behind even for future re-installation.)
05-25-2015, 12:56 AM
Should I create a link in the forum to the plugin repo? I would keep the 'Plugin Releases' subforum since allot of other plugins are still there.
05-25-2015, 01:54 AM
Yep. That would be a good idea.
05-25-2015, 02:22 AM
No offence, but i don't think the plugin repo is ready.
For once, we might want to either use a simple, or modern UI - what we have atm is REALLY fugly.
05-25-2015, 02:23 AM
That's why I named it Beta ^^
|
« Next Oldest | Next Newest »
|