Post by Chris on Oct 22, 2012 4:49:10 GMT -8
Are there any plans to create a secure architecture for plugins?
By this, I mean something similar to Caja or FBJS (http://css.csail.mit.edu/6.858/2012/readings/js-subsets.pdf).
Just curious if it's something PB has considered and where you guys stand on it. Obviously no time left for 5.0, but 5.x could implement it.
(There can always be a "this is secure" option too to bypass all the things that need to be disabled.)
Post by Ryan Roos on Oct 22, 2012 6:44:10 GMT -8
You can talk to Pat and Martyn more about this. There are a limited number of Private Keys though that might accomplish the same goal that you are trying to achieve. These are slightly different from the 100 public keys that you get with regards to privacy and security. After reading up on Caja and FBJS I think that is the same goal. Like I said Pat and Martyn will know much more.
Post by Chris on Oct 22, 2012 6:52:22 GMT -8
> You can talk to Pat and Martyn more about this. There are a limited number of Private Keys though that might accomplish the same goal that you are trying to achieve. These are slightly different from the 100 public keys that you get with regards to privacy and security. After reading up on Caja and FBJS I think that is the same goal. Like I said Pat and Martyn will know much more.

I feel like those would be different... FBJS's end goal is to modify outputted JavaScript to make it secure. i.e. no chance for scripts to hijack a forum. I'll ping 'em later then.
Post by RedBassett on Oct 22, 2012 8:36:30 GMT -8
*Votes in support of this feature*
Post by VS Admin on Oct 22, 2012 8:41:25 GMT -8
Developing and maintaining a system to try to detect what JavaScript is "good" vs. "bad" would be one heck of an undertaking and really isn't something that we're focused on. Forum owners should be careful to only install code on their sites that they trust. On our end, we focus on making sure that users cannot output HTML/JavaScript onto the page except for admins with the power to.
Post by Ryan Roos on Oct 22, 2012 8:57:46 GMT -8
To build off of what Pat said, this is another good reason to use plugins from the plugin library. While we might not vet every single plugin ourselves, we would be able to quickly identify and deal with issues with malicious plugins and authors if they were in the library. Trusting in the reviews and ratings of others will be a good reason for the Library to be used as well. If there are 1000 forums using a plugin with a 4 star rating and great reviews, you can be fairly confident that it isn't malicious. We will rely on the community for security. And as always ProBoards will take actions against those that try to harm our members.
Post by Chris on Oct 22, 2012 10:22:56 GMT -8
I believe the paper I linked to documents most of what is necessary, thankfully. But ok, just wanted to throw out the idea. Maybe things in the plugin library can be gold starred if they're vetted by the PB staff? (Or select people, etc.)
Post by RedBassett on Oct 22, 2012 12:35:54 GMT -8
> Maybe things in the plugin library can be gold starred if they're vetted by the PB staff? (Or select people, etc.)

This also leads to the question of whether plugins must be approved before being submitted? Or marked as approved by ProBoards?
Post by Ryan Roos on Oct 22, 2012 13:00:34 GMT -8
The Plugin Library isn't finalized yet. However, we really hope that the community is so large that we can let peer review govern the plugins. The cream will rise to the top. Based on our hopes it wouldn't be possible for us to manually review every single plugin. I'd like to have some sort of system that ranks the authors as well (like a seller's rating elsewhere). That way you know the quality of the plugin and its author. And like I said, if there is a malicious author and plugin we will take action accordingly. But as previously mentioned, nothing is finalized. And my personal ideas are just that, mine. We decide things as a team, so other devs may have other ideas before we are done.
Post by Celeste on Oct 22, 2012 19:43:46 GMT -8
It isn't like we're starting with entirely new coders who are unknown to us. I'll probably stick with the same coders I know for my plugins. We have a good bunch now and I can't see the present crew inserting malicious code into their plugins at this point.