dekarrin
commented
5 years ago Closely related to #62; we'll include this in the A/C of that one, which makes this a duplicate issue.
Open dekarrin opened 7 years ago
dekarrin
commented
5 years ago Closely related to #62; we'll include this in the A/C of that one, which makes this a duplicate issue.
dekarrin
commented
5 years ago Mm, #62 is a separate task. Can still secure the API after the conversion is applied. This issue stays open.
Plugins can modify system state to override settings of other plugins. Plugin calls should be segmented to avoid this.
A/C: A malicious plugin that attempts to modify the state of other plugins has no way to do so. Check this by first creating a malicious plugin which does such modification, then show that such a plugin doesn't work after changes are applied.