Thank you and to all others who have posted replies.   I did not
expect that this issue would call forth so many responses.  There have
been a number of helpful suggestions.

Please note that, in some cases, the users I am trying to convince are
in government agencies that have very specific and stringent policies
about software installation.   In one case, only authorized IT
personnel are permitted to install any software on employee computers.
  I am not sure that these policies have come up against the world of
open-source, plug-in based architecture.

I don't know if it goes totally against the philosophy of QGIS, but
maybe there could be a feature to allow an admin option within QGIS to
require password protection before being able to fetch plugins or
activate plugins.  I expect that it could be defeated, but might help
to allay some concerns.  Under this scenario, a QGIS administrator
could get at a QGIS "security options" screen where various features
such as downloading plugins could be enabled/disabled for a particular
user installation.

If anyone is interested, the project I am working on involves
estimating delay on transportation networks when roads are flooded.
The architecture has the road network represented in QGIS, which is
then exported to a Spatialite database via a contributed plugin. From
there, a C# program reads the database and does the needed shortest
path and delay cost estimation calculations.  Choosing this
architecture has made things very modular and workable.

QGIS is wonderful software, and this is a terrific community.   I
introduced QGIS to a professor who is working on my project and uses
ArcGIS, showing him the line direction decoration capability and
Nathan W's lineswitch plugin, and he responded:  "That's interesting
about QGIS, because we have had much difficulty doing the same thing in
ArcGIS."

Thanks again to all who have responded.

Dick

On Wed, Feb 22, 2012 at 5:59 PM, Martin Dobias <wonder...@gmail.com> wrote:
> On Sat, Feb 18, 2012 at 5:08 PM, Richard Males <rbma...@gmail.com> wrote:
>>
>> I would very much appreciate any thoughts on if/how QGIS currently
>> deals with this, or references to documentation or postings on the
>> issue.
>
> Hi Richard
>
> Contributed QGIS python plugins have security issues similar to any
> other extension code that can be downloaded. It is important to note
> that with _any_ python plugin downloaded from repository you cannot be
> 100% sure that no malicious code is inside. The server could have been
> hacked, an author's credentials could be stolen or even a previously
> trusted author could put on his black hat (and add some malicious code
> intentionally)...
>
> In case you are aiming for maximum security I would recommend using
> one of the following approaches:
> 1. host a local repository within your organization with "known" and
> "safe" plugins. It is really easy to set up one (a web server +
> repository xml file + plugin archives). A customized installation of
> QGIS would use this repository by default. This is a flexible approach
> and allows upgrading/adding plugins quickly by the admin and it is
> convenient for users.
> 2. disable python plugin installer completely in a customized
> installation, put there only chosen plugins. Less flexible, but more
> secure - no new plugins, no updates to plugins. (But still possible to
> add plugin installer or other plugins manually)
> 3. provide an installation without qgispython library - that
> effectively disables running python code within QGIS. Most secure,
> least flexible.
>
> Anyway, AFAIK qgis itself should never try to do anything where it
> would need admin rights. So another piece of security (for users with
> some admin privileges) would be to disable qgis to escalate its
> rights.
>
> Regards
> Martin
_______________________________________________
Qgis-user mailing list
Qgis-user@lists.osgeo.org
http://lists.osgeo.org/mailman/listinfo/qgis-user
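
The first option in the quoted reply (a local repository holding only "known" and "safe" plugins) could be maintained with a script like the one below. This is an added example, not code from the thread or from the QGIS project. The function names, the SHA-256 allowlist, the constructed sample archives, the example URL, and the XML element names and metadata.txt keys are assumptions to check against the QGIS version in use.

```python
import configparser, hashlib, io, zipfile
import xml.etree.ElementTree as ET

def read_metadata(data):
    """Return the [general] section of <plugin_dir>/metadata.txt inside a plugin zip."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        hits = [n for n in zf.namelist()
                if n.count("/") == 1 and n.endswith("/metadata.txt")]
        if len(hits) != 1:
            raise ValueError("expected exactly one <plugin_dir>/metadata.txt")
        cp = configparser.ConfigParser(interpolation=None)
        cp.read_string(zf.read(hits[0]).decode("utf-8"))
        return dict(cp["general"])  # configparser lower-cases the keys

def build_index(archives, approved_sha256, base_url):
    """archives: {file_name: zip bytes}. Returns (xml_text, rejected_names)."""
    root, rejected = ET.Element("plugins"), []
    for file_name, data in sorted(archives.items()):
        # Publish only archives whose hash was recorded after admin review.
        if approved_sha256.get(file_name) != hashlib.sha256(data).hexdigest():
            rejected.append(file_name)
            continue
        try:
            meta = read_metadata(data)
            name, version = meta["name"], meta["version"]
        except (ValueError, KeyError, zipfile.BadZipFile, configparser.Error):
            rejected.append(file_name)
            continue
        # Element names below are assumed; check them against your QGIS version.
        p = ET.SubElement(root, "pyqgis_plugin", name=name, version=version)
        ET.SubElement(p, "description").text = meta.get("description", "")
        ET.SubElement(p, "version").text = version
        ET.SubElement(p, "qgis_minimum_version").text = meta.get("qgisminimumversion", "")
        ET.SubElement(p, "file_name").text = file_name
        ET.SubElement(p, "download_url").text = base_url.rstrip("/") + "/" + file_name
    return ET.tostring(root, encoding="unicode"), rejected

def make_sample_zip(plugin_dir, version, extra=b""):
    """Constructed sample archive (not a real plugin)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(plugin_dir + "/metadata.txt",
                    "[general]\nname=%s\nversion=%s\nqgisMinimumVersion=1.8\n"
                    % (plugin_dir, version))
        zf.writestr(plugin_dir + "/__init__.py", extra)
    return buf.getvalue()
```

An archive whose bytes differ from the reviewed copy, or that is not on the allowlist at all, is left out of the generated index and reported in the rejected list.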
