jni
commented
6 years ago "please install our Very Good Deep Learning Totally Not Bitcoin Mining plugin for Napari!" =P
Open royerloic opened 6 years ago
jni
commented
6 years ago "please install our Very Good Deep Learning Totally Not Bitcoin Mining plugin for Napari!" =P
kne42
commented
6 years ago Yeah, just one popular plugin getting hacked could be a real problem - I heard that Node.js ran into some issue where many people's libraries were compromised and spread like a virus.
Description
We use GIT links and GIT infrastructure for plugins which is great, but, there is also potential dangers associate to that in terms of code executing on one's machine that could wreak havoc with files for example...
Not clear if there is any solution to that... Other similar tools have the same challenges...
Possible mitigation strategy is to have a way to log all plugin accesses to the file system. Possibly turning on a GUI warning, or even having some sort of permission system for plugins. Needless to say, this might never be implemented and is certainly not for now... But we should keep an eye on security in general. It would take one contributor running amok to cause a lot of trouble...