Security? about xbar-plugins HOT 6 CLOSED

This is why BitBar has to be directly downloaded, rather than through the App Store. It's a real consideration. We do a review (which includes security) of all plugins before accepting them. Do you have any other suggestions that could help?

from xbar-plugins.

Considering the target (developers), I would suggest you read through the plugin you want to use. Not even going to the level of malicious scripts, it might just be prudent to know what you are running.

from xbar-plugins.

I was thinking about a way to inject some of our informations by using environment variables, instead of hard writing those informations on the script itself. Maybe using a Preferences panel or something ?
I am more concerned about password than malicious codes, considering (like @manojlds said) the target is developers.

from xbar-plugins.

@maxoumime there is ongoing discussion here - matryer/xbar#88

from xbar-plugins.

It's a real consideration. We do a review (which includes security) of all plugins before accepting them.

@matryer thanks for the response - I don't have any concrete suggestions right now, but I just wanted to get a discussion going. Feel free to close this issue; leaving it open might help others find it and contribute, though.

Considering the target (developers), I would suggest you read through the plugin you want to use. Not even going to the level of malicious scripts, it might just be prudent to know what you are running.

@manojlds I agree! The reason I ask is more because I'm not entirely familiar with all the languages used to write these plugins, so my intuition would only take me so far. Of course I'll be deep diving on things that I'm curious about or concerned about, but again, just wanted to raise a conversation point.

from xbar-plugins.

@JaKXz - yeah definitely. Boils down to community + own checks.

from xbar-plugins.