Closed Bug 304972 Opened 19 years ago Closed 16 years ago

Grendel should have plug-in support

Categories

(Grendel Graveyard :: User Interface, enhancement)

Product:
Grendel Graveyard
Component:
User Interface
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: kieran.maclean, Assigned: rjkeller)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.7.10) Gecko/20050717 Firefox/1.0.6
Build Identifier: 

Grendel should have plug-in support.

These should be java jars which are loaded durring startup.

There should be an API to allow them to access certain features (see my warning
about security at the end).
This API should not provide the module with access to the server passwords.

Plug-in support could lead to security problems, these should be minimal and the
support should minimise these as far as possible. (This should be locked down in
a similar manor to applets running in a browser.)
I may be paranoid but if security is included at the design stage then it will
minimise the work if it should be a problem.

Reproducible: Always

Steps to Reproduce:
I couldn't see Plugins being a security issue in Grendel because you'd have to
install them manually.

How about instead of JavaScript JAR files, why not use XUL and JavaScript? I'd
be sorta like macros except distributed in a combined format. Remember that
Rhino includes a Java<->JavaScript bridge so we can easily integrate the two
languages.
It could be in JavaScript+XUL, however I thought that Java it's self might be
preferable to some people.

Perhaps some combination of the three would be prefered allowing a developer to
choose the options they prefer.

As for security I wouldn't feel happy with other code having unrestricted access
to the system, that includes the underlying OS because this is an application.
I would feel happier if the plug-in ran under a seporate classloader in a
seportate thread.
Where it can be restrained by a security manager, and the classloader.
This would also allow us to catch any uncaught exceptions and help Grendel
remain stable.
marking wontfix as grendel is removed from cvs
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.