[Adium-devl] Out of process plugins (was: Distant objects)

Evan Schoenberg evan at adiumx.com
Tue May 8 12:24:04 UTC 2007 

On May 8, 2007, at 2:34 AM, Colin Barrett wrote:

> I'm not sure why that'd be a security issue. We shouldn't store
> passwords in memory, ever. That's what keychain is for. Plenty of
> other apps provide an API other processes can interact with. It may be
> that we don't want to expose certain functionality via DO for Adium,
> but I can't really think of a whole lot.
>
> If there is hostile code running on the system, the user is pretty
> much hosed anyway. In most cases they were probably socially
> engineered into installing it, and even if we require the user to
> authenticate or allow things to connect to Adium, that same social
> engineering trick works ("but I *want* to use Gator, why would I deny
> them access to something it says it needs?").
I agree wholeheartedly with this sentiment.  I've been trying to  
figure out the right way to say exactly that.

> I say do it, and force all plugins out of process. It'll be a win for
> us in terms of forcing people not to use private APIs and keeping
> plugins from crashing Adium. Although I can be convinced otherwise ;)
Disagree there.  DO is inherently more expensive than in-process.  A  
rich public API should hopefully keep people from doing dumb things  
like NSClassFromString() to hack into private classes... and if they  
do, well, our handling of plugins should be versioned such that this  
isn't a major problem anyways: if I write a plugin depending on  
1.0.2's internals, and say it's compatible with the 1.0.2 API only,  
then with 1.0.3 the user should be warned of the potential  
incompatibility and reminded how to manually remove the plugin if  
necessary.

-Evan

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://adium.im/pipermail/devel_adium.im/attachments/20070508/d5efef80/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
URL: <http://adium.im/pipermail/devel_adium.im/attachments/20070508/d5efef80/attachment.sig>

More information about the devel mailing list