Plugins from Mimestream?
Quote from rcohen on November 5, 2021, 1:33 amI guess this is directed at @hpw
Now that we have mimestreams, would it be possible to be able to run all plugins from a stream? It would be more secure and perhaps run faster?
Just a thought...
I guess this is directed at @hpw
Now that we have mimestreams, would it be possible to be able to run all plugins from a stream? It would be more secure and perhaps run faster?
Just a thought...
Quote from HPW on November 5, 2021, 8:37 amHello Robert,
No, since plugins are DLL's which get loaded on startup (unpacked to temp if so compiled).
The security for plugins is given with the last release, where a secure plugin-loading was added to VNW.
Now the compile process store a SHA hash about each used plugin and will not load the plugin if it's binary-file-hash has changed after the compile.
And the fasted way is to load the unpacked plugins (non-upx) from the [PubDir].
This is also the cleanest way for the security packages. (They can proove the DLL's and flag them as correct)
Therefor there was also the adding for renaming (optional) of the external plugins to DLL-extension (example MyApp1.dll)
Regards
Hans-Peter
Hello Robert,
No, since plugins are DLL's which get loaded on startup (unpacked to temp if so compiled).
The security for plugins is given with the last release, where a secure plugin-loading was added to VNW.
Now the compile process store a SHA hash about each used plugin and will not load the plugin if it's binary-file-hash has changed after the compile.
And the fasted way is to load the unpacked plugins (non-upx) from the [PubDir].
This is also the cleanest way for the security packages. (They can proove the DLL's and flag them as correct)
Therefor there was also the adding for renaming (optional) of the external plugins to DLL-extension (example MyApp1.dll)
Regards
Hans-Peter
Quote from rcohen on November 5, 2021, 8:59 amWow! That is great information. I missed that in the features list.
Thanks @hpw
Great stuff
Wow! That is great information. I missed that in the features list.
Thanks @hpw
Great stuff