Skip to content

[Security] Security related with plugins loader #281

Open
Open
[Security] Security related with plugins loader#281
Labels
enhancementNew feature or requestsecurityRelated to securitytrackingThis issue is tracking by another issue

Description

@langyo
langyo
opened on Mar 1, 2024
  • 执行前对插件的哈希校验,防止篡改
  • 插件通信SDK能自动与宿主程序进行加密通信,具体实现为:
    • 插件启动时传入握手公钥
    • 插件启动时SDK自动解析公钥,并向对应管道通信并发送插件临时公钥,交换得到双方临时公钥
    • 插件与宿主的通信全程以该临时密钥对通信
  • 严格控制插件的执行等级,需要 UAC 权限进行操作的插件必须提前向宿主申请

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or requestsecurityRelated to securitytrackingThis issue is tracking by another issue

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions