Safety of plugins
Safety of plugins
Is there a guarantee that plugins developed by 3rd parties are safe to use? This issue is similar to security of widely popular iPhone apps (http://itmanagement.earthweb.com/secu/a ... d-Rush.htm).
-
Jan Rysavy
- ALTAP Staff
- Posts: 5231
- Joined: 08 Dec 2005, 06:34
- Location: Novy Bor, Czech Republic
- Contact:
Re: Safety of plugins
No guarantee. Also no guarantee for third party scripts for the Automation plugin.
If you have any doubts, don't use it. Third party plugins comes without source code and there is no chance to verify it doesn't contain malicious code.
If you have any doubts, don't use it. Third party plugins comes without source code and there is no chance to verify it doesn't contain malicious code.
Re: Safety of plugins
Could you establish a special category of plugins -- those for which you obtain source, verify its safety, and compile and distribute yourselves? You could call them verified plugins or something like that.
It's easier with script as I can read the source code and verify that it doesn't contain malicious code.
It's easier with script as I can read the source code and verify that it doesn't contain malicious code.
Re: Safety of plugins
Hi roman2, I've already expressed my concern about plugins safety, when we were discussing website for Salamander plugins...
You can trust all the plugins included in the official Salamander distribution
- all these plugins are digitally signed by Altap so you can make sure no malicious code was injected into them 
To my knowledge Altap does not have source code for any third party plugin, which is not included in the official distribution. All the third party plugins are compiled by their authors.
Currently there are very few third party plugin developers and I trust these authors completely:
- manison - Automation Plugin (included in Altap Salamander 2.53), Offender Plugin, Total Commander Proxy Plugin (this plugin loads Total Commander plugins made by other author so you have to trust their code as well)
- stepand76 - Shell Link Viewer Plugin, Web Page Viewer Plugin (IE, Gecko), JSON Viewer Plugin, Flash Player Plugin, Shell Menu Plugin, TortoiseSVN plugin, FLAC Viewer Plugin
- zarevak (me
) - DiskMap Plugin (included in Altap Salamander 2.52), Explorer Thumbnails Plugin, UnVE3D Plugin - Virtual Earth 3D unpacker, UnEVE Plugin - EVE Online unpacker
(I'm sorry if I forgot to mention some plugin)
If you download these plugins from this forum or sites linked from this forum by their authors, you can be pretty sure these plugins are safe.
There have been a few more plugins by other authors on this forum, but I don't know them... There was no problem reported by anybody so I can assume these plugins are safe as well.
You can trust all the plugins included in the official Salamander distribution
- all these plugins are digitally signed by Altap so you can make sure no malicious code was injected into them To my knowledge Altap does not have source code for any third party plugin, which is not included in the official distribution. All the third party plugins are compiled by their authors.Currently there are very few third party plugin developers and I trust these authors completely:
- manison - Automation Plugin (included in Altap Salamander 2.53), Offender Plugin, Total Commander Proxy Plugin (this plugin loads Total Commander plugins made by other author so you have to trust their code as well)
- stepand76 - Shell Link Viewer Plugin, Web Page Viewer Plugin (IE, Gecko), JSON Viewer Plugin, Flash Player Plugin, Shell Menu Plugin, TortoiseSVN plugin, FLAC Viewer Plugin
- zarevak (me
) - DiskMap Plugin (included in Altap Salamander 2.52), Explorer Thumbnails Plugin, UnVE3D Plugin - Virtual Earth 3D unpacker, UnEVE Plugin - EVE Online unpacker(I'm sorry if I forgot to mention some plugin)
If you download these plugins from this forum or sites linked from this forum by their authors, you can be pretty sure these plugins are safe.
There have been a few more plugins by other authors on this forum, but I don't know them... There was no problem reported by anybody so I can assume these plugins are safe as well.
-
stepand76
- Plugin Developer
- Posts: 455
- Joined: 16 Apr 2007, 21:22
- Location: Pardubice, Czech Republic
Re: Safety of plugins
Hi zarevak, there is also Service explorer plugin by Mike12345.
-
Jan Rysavy
- ALTAP Staff
- Posts: 5231
- Joined: 08 Dec 2005, 06:34
- Location: Novy Bor, Czech Republic
- Contact:
Re: Safety of plugins
As Zarevak mentioned:
zarevak wrote:There have been a few more plugins by other authors on this forum, but I don't know them...
-
stepand76
- Plugin Developer
- Posts: 455
- Joined: 16 Apr 2007, 21:22
- Location: Pardubice, Czech Republic
Re: Safety of plugins
Sorry, I overlooked this sentence. Anyway I use Service Explorer plugin, so I trust it