On Sat, Feb 18, 2012 at 5:08 PM, Richard Males <rbma...@gmail.com> wrote:
>
> I would very much appreciate any thoughts on if/how QGIS currently
> deals with this, or references to documentation or postings on the
> issue.

Hi Richard

Contributed QGIS Python plugins have security issues similar to any
other extension code that can be downloaded. It is important to note
that with _any_ Python plugin downloaded from a repository you cannot be
100% sure that no malicious code is inside. The server could have been
hacked, an author's credentials could be stolen or even a previously
trusted author could put on his black hat (and add some malicious code
intentionally)...

In case you are aiming for maximum security I would recommend using
one of the following approaches:
1. Host a local repository within your organization with "known" and
"safe" plugins. It is really easy to set up one (a web server +
repository XML file + plugin archives). A customized installation of
QGIS would use this repository by default. This is a flexible approach
and allows upgrading/adding plugins quickly by the admin and it is
convenient for users.
2. Disable the Python plugin installer completely in a customized
installation and put only chosen plugins there. Less flexible, but more
secure - no new plugins, no updates to plugins. (But it is still possible
to add the plugin installer or other plugins manually.)
3. Provide an installation without the qgispython library - that
effectively disables running Python code within QGIS. Most secure,
least flexible.

Anyway, AFAIK QGIS itself should never try to do anything where it
would need admin rights. So another piece of security (for users with
some admin privileges) would be to prevent QGIS from escalating its
rights.

Regards
Martin
_______________________________________________
Qgis-user mailing list
Qgis-user@lists.osgeo.org
http://lists.osgeo.org/mailman/listinfo/qgis-user
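
Added example (not part of the original message, and not QGIS project code): a sketch of how an admin could build the repository XML file for the local repository in approach 1 so that it lists only plugin archives whose SHA-256 digest matches a reviewed allowlist. The digest allowlist, the function names and the URL are hypothetical, and the element names (`pyqgis_plugin`, `version`, `file_name`, `download_url`) are an assumption about the repository XML layout that should be checked against an existing repository file.

```python
import hashlib
import tempfile
import zipfile
from pathlib import Path
from xml.etree import ElementTree as ET


def sha256_of(path):
    """Return the hex SHA-256 digest of a file."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def build_repository_xml(plugin_dir, approved, base_url):
    """Build repository XML listing only archives whose digest is approved.

    approved maps archive file name -> (plugin name, version, sha256 hex).
    Returns (xml_text, rejected_file_names).
    """
    root = ET.Element("plugins")
    rejected = []
    for archive in sorted(Path(plugin_dir).glob("*.zip")):
        entry = approved.get(archive.name)
        # Reject archives nobody reviewed and archives changed since review.
        if entry is None or sha256_of(archive) != entry[2]:
            rejected.append(archive.name)
            continue
        name, version, _ = entry
        # Element names are assumed, see the lead-in.
        plugin = ET.SubElement(root, "pyqgis_plugin", name=name, version=version)
        ET.SubElement(plugin, "version").text = version
        ET.SubElement(plugin, "file_name").text = archive.name
        ET.SubElement(plugin, "download_url").text = f"{base_url}/{archive.name}"
    return ET.tostring(root, encoding="unicode"), rejected


def make_sample_zip(path, payload):
    """Write a constructed one-file plugin archive (sample data only)."""
    with zipfile.ZipFile(path, "w") as zf:
        zf.writestr("sample_plugin/__init__.py", payload)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        good = Path(tmp) / "reviewed.zip"
        make_sample_zip(good, "# reviewed code\n")
        make_sample_zip(Path(tmp) / "tampered.zip", "# changed after review\n")
        make_sample_zip(Path(tmp) / "unknown.zip", "# never reviewed\n")
        approved = {"reviewed.zip": ("Reviewed", "1.0", sha256_of(good)),
                    "tampered.zip": ("Tampered", "1.0", "0" * 64)}
        print(build_repository_xml(tmp, approved, "https://plugins.example.internal"))
```
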
