Hi Tomas,

That was a contrived example, not a real problem. My point is that you always have to trust what you install in the shop no matter how you install modules: either via FTP, git, rsync, composer or via ioly. If you click around like an idiot, idiotic (and bad) things are bound to happen.

My second point is that offering an "install via gui" option is equally as dangerous as supplying encrypted modules. In fact, I consider encrypted modules even worse, as you never know what you're getting, what they are reading, who they are contacting etc.

The quip about the baby and the iron wasn't directed at you, but should be interpreted to mean: to do anything in OXID, a certain amount of experience and know-how is required. ioly isn't there for the shop-owner to use, but rather for the shop agency.

However ioly does have the advantage that the cookbooks can be community reviewed & improved, so a tested recipe could, for example, download a *specific* known-good commit from Github when installing something, which would greatly reduce the possibility of something breaking.

For security, we could also consider integrating some sort of zip-checksum-check into ioly, so we can test if zips have been manipulated or not, but this hasn't been done yet.

I see your point that inexperienced users have more potential to do something bad, but Shopware and Wordpress have similar systems and I haven't seen the world end yet... and Shopware isn't staying still either...

Dave

On Thu, Nov 20, 2014 at 11:00 AM, Tomas Kvietkauskas <[email protected]> wrote:

> Hi Dave,
>
> On 20 Nov 2014, at 11:31, Dave Holloway <[email protected]> wrote:
>
> There is always a layer of trust that they aren't sniffing
> $_POST['order']['cc_number'] and sending it off to the Lithuania-Pastebin.
>
>
> please tell me more about it.
>
> _______________________________________________
> dev-general mailing list
> [email protected]
> http://dir.gmane.org/gmane.comp.php.oxid.general
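
The zip-checksum check proposed in the message above, sketched as an added example that is not part of the original e-mail and is not ioly code. The recipe layout (`url`, `sha256`), the function names and the sample bytes are assumptions made for illustration; the check fails closed when a recipe carries no checksum.

```php
<?php
// Added illustration, not ioly code. Recipe keys and function names are hypothetical.

/**
 * Compare a downloaded archive with the SHA-256 recorded in a reviewed recipe.
 * Throws before anything is unpacked; a missing or malformed checksum is a failure.
 */
function verifyPackage(string $zipPath, array $recipeVersion): void
{
    $expected = strtolower(trim($recipeVersion['sha256'] ?? ''));
    if (!preg_match('/^[0-9a-f]{64}$/', $expected)) {
        throw new RuntimeException('recipe has no valid sha256, refusing to install');
    }
    $actual = hash_file('sha256', $zipPath);
    if ($actual === false) {
        throw new RuntimeException('cannot read ' . $zipPath);
    }
    if (!hash_equals($expected, $actual)) {
        throw new RuntimeException("checksum mismatch: expected $expected, got $actual");
    }
}

function check(string $label, string $zipPath, array $recipeVersion): void
{
    try {
        verifyPackage($zipPath, $recipeVersion);
        echo "$label: OK, safe to unpack\n";
    } catch (RuntimeException $e) {
        echo "$label: REJECTED ({$e->getMessage()})\n";
    }
}

// Constructed sample: stand-in bytes for the archive a reviewer tested.
$reviewedBytes = 'constructed package bytes';
$zip = tempnam(sys_get_temp_dir(), 'pkg');
file_put_contents($zip, $reviewedBytes);

$recipe = [
    'url'    => 'https://example.invalid/module/archive/COMMIT-PLACEHOLDER.zip',
    'sha256' => hash('sha256', $reviewedBytes), // recorded when the recipe was reviewed
];

check('untouched archive', $zip, $recipe);
file_put_contents($zip, 'appended by someone else', FILE_APPEND);
check('modified archive', $zip, $recipe);
check('recipe without checksum', $zip, ['url' => $recipe['url']]);
unlink($zip);
```

The check only shows that the archive matches what the recipe's reviewer recorded; it says nothing about whether that recorded archive was trustworthy in the first place.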
