Plugins for Application
-
No - the effort you'll expend creating an overengineered plug-in framework is the daft idea.
Forgive your enemies - it messes with their heads
My blog | My articles | MoXAML PowerToys | Mole 2010 - debugging made easier - my favourite utility
Creating that thread and expecting right answer(s) was the daft idea. You guys just read the question, replies completely different thing, ignoring what actually been asked, down votes for nothing.
TVMU^P[[IGIOQHG^JSH`A#@`RFJ\c^JPL>;"[,*/|+&WLEZGc`AFXc!L %^]*IRXD#@GKCQ`R\^SF_WcHbORY87֦ʻ6ϣN8ȤBcRAV\Z^&SU~%CSWQ@#2 W_AD`EPABIKRDFVS)EVLQK)JKQUFK[M`UKs*$GwU#QDXBER@CBN% R0~53%eYrd8mt^7Z6]iTF+(EWfJ9zaK-iTV.C\y<pjxsg-b$f4ia>
----------------------------------------------- 128 bit encrypted signature, crack if you can
-
Creating that thread and expecting right answer(s) was the daft idea. You guys just read the question, replies completely different thing, ignoring what actually been asked, down votes for nothing.
TVMU^P[[IGIOQHG^JSH`A#@`RFJ\c^JPL>;"[,*/|+&WLEZGc`AFXc!L %^]*IRXD#@GKCQ`R\^SF_WcHbORY87֦ʻ6ϣN8ȤBcRAV\Z^&SU~%CSWQ@#2 W_AD`EPABIKRDFVS)EVLQK)JKQUFK[M`UKs*$GwU#QDXBER@CBN% R0~53%eYrd8mt^7Z6]iTF+(EWfJ9zaK-iTV.C\y<pjxsg-b$f4ia>
----------------------------------------------- 128 bit encrypted signature, crack if you can
No. I understood what you were after from the start (and I haven't voted on this). The reason that I would suggest MEF is because I am friends with the guys who wrote it, and know that they didn't think this was an issue that they had to contend with, so you could learn a lot from the architecture they put in place. If they didn't think that, why should you have to worry about it? Bottom line - yes, separate processes is the only way you could achieve this, but each process takes up valuable memory and resources and can lead to your application being treated as a memory hog. More importantly, you are expecting the users to have to trust individual plugins through your firewall - I've worked with an application that does this and it was a complete PITA from a user perspective (the application was Lightwave and had something called the Hub that had to be granted access through the firewall). It was an awful experience, and not one I'd want to inflict on users. Even Chrome and Firefox don't feel this is a necessary step. So yes, it is a daft idea. Of course, you can arrogantly go on your way and overengineer this thing, and then wonder why you end up having no users. Good luck with that.
Forgive your enemies - it messes with their heads
My blog | My articles | MoXAML PowerToys | Mole 2010 - debugging made easier - my favourite utility
-
No. I understood what you were after from the start (and I haven't voted on this). The reason that I would suggest MEF is because I am friends with the guys who wrote it, and know that they didn't think this was an issue that they had to contend with, so you could learn a lot from the architecture they put in place. If they didn't think that, why should you have to worry about it? Bottom line - yes, separate processes is the only way you could achieve this, but each process takes up valuable memory and resources and can lead to your application being treated as a memory hog. More importantly, you are expecting the users to have to trust individual plugins through your firewall - I've worked with an application that does this and it was a complete PITA from a user perspective (the application was Lightwave and had something called the Hub that had to be granted access through the firewall). It was an awful experience, and not one I'd want to inflict on users. Even Chrome and Firefox don't feel this is a necessary step. So yes, it is a daft idea. Of course, you can arrogantly go on your way and overengineer this thing, and then wonder why you end up having no users. Good luck with that.
Forgive your enemies - it messes with their heads
My blog | My articles | MoXAML PowerToys | Mole 2010 - debugging made easier - my favourite utility
Pete O'Hanlon wrote:
The reason that I would suggest MEF is because I am friends with the guys who wrote it, and know that they didn't think this was an issue that they had to contend with, so you could learn a lot from the architecture they put in place.
I'm not against MEF or saying its not good but I tried, its too much code just for plugin.
Pete O'Hanlon wrote:
If they didn't think that, why should you have to worry about it?
So you are saying now, I must walk the same path they did.
Pete O'Hanlon wrote:
Bottom line - yes, separate processes is the only way you could achieve this
See its not that hard, could be said earlier.
Pete O'Hanlon wrote:
ut each process takes up valuable memory and resources and can lead to your application being treated as a memory hog.
Not all plugins will start at once, user must click to start them. If (s)he starts 100 plugins, then Im not responsible for that. Its same as you are suggesting I shouldn't worry about firewall issue.
Pete O'Hanlon wrote:
Even Chrome and Firefox don't feel this is a necessary step. So yes, it is a daft idea.
These kind of things doesnt effect those big popular companies.
Pete O'Hanlon wrote:
Of course, you can arrogantly go on your way and overengineer this thing
Arrogantly ? If I had to go that way, then why would I asked here in first place. And I dont see it as overengineer or whatever you call it. Its just the way things works.
TVMU^P[[IGIOQHG^JSH`A#@`RFJ\c^JPL>;"[,*/|+&WLEZGc`AFXc!L %^]*IRXD#@GKCQ`R\^SF_WcHbORY87֦ʻ6ϣN8ȤBcRAV\Z^&SU~%CSWQ@#2 W_AD`EPABIKRDFVS)EVLQK)JKQUFK[M`UKs*$GwU#QDXBER@CBN% R0~53%eYrd8mt^7Z6]iTF+(EWfJ9zaK-iTV.C\y<pjxsg-b$f4ia>
----------------------------------------------- 128 bit encrypted signature, crack if you can
-
jschell wrote:
At some point you have to trust the plugin. For instance consider the situation
There is no trust on plugins, if I trust, host application will lose the trust and it will be in firewall block list. And that will ruin entire point of stats management and other important things.
jschell wrote:
As an example if you want the user to validate the plugins then you should insure that your application will not load any plugin unless the user has verified it and has done that in the application.
Well, thats the problem. A user can validate any plugin, regular user has no knowledge whats going on behind the application. Even a programmer, will have read all the source code to make sure the plugin is not a spyware or virus, that may steal their work or documents. Here is more detailed explanation - Host Application uses web service, sends and receives informations, update stats. - User trusts on host application. - Everyone in the entire world is allowed to create own plugin - But if host application loads plugin even in separate AppDomain, it still uses same firewall setting, which is already allowed by user, and plugin has direct access to internet. - Only way I see is separate process for each plugin. So if plugin tries to connect, firewall will confirm that. - My question was that, is separate process only way to avoid that ? thats it, thats it, nothing more than that.
TVMU^P[[IGIOQHG^JSH`A#@`RFJ\c^JPL>;"[,*/|+&WLEZGc`AFXc!L %^]*IRXD#@GKCQ`R\^SF_WcHbORY87֦ʻ6ϣN8ȤBcRAV\Z^&SU~%CSWQ@#2 W_AD`EPABIKRDFVS)EVLQK)JKQUFK[M`UKs*$GwU#QDXBER@CBN% R0~53%eYrd8mt^7Z6]iTF+(EWfJ9zaK-iTV.C\y<pjxsg-b$f4ia>
----------------------------------------------- 128 bit encrypted signature, crack if you can
You could have your program ask the user if the plugin should be allowed internet access the first time the plugin is loaded. And I mean the very first time, not each session. You can verify the plugin hasn't changed by storing a hash of the plugin's file and checking it against that hash any time it loads. Force the plugin developers to use your program to update the plugin so you know when to regenerate the hash. In effect, your program becomes a mini firewall. No extra exe's and your program protects the user from malicious plugins. Unless, of course, the user allows the plugin access. But you can't win them all -Ray
-
You could have your program ask the user if the plugin should be allowed internet access the first time the plugin is loaded. And I mean the very first time, not each session. You can verify the plugin hasn't changed by storing a hash of the plugin's file and checking it against that hash any time it loads. Force the plugin developers to use your program to update the plugin so you know when to regenerate the hash. In effect, your program becomes a mini firewall. No extra exe's and your program protects the user from malicious plugins. Unless, of course, the user allows the plugin access. But you can't win them all -Ray
good idea but I rather call it workaround. thanks
TVMU^P[[IGIOQHG^JSH`A#@`RFJ\c^JPL>;"[,*/|+&WLEZGc`AFXc!L %^]*IRXD#@GKCQ`R\^SF_WcHbORY87֦ʻ6ϣN8ȤBcRAV\Z^&SU~%CSWQ@#2 W_AD`EPABIKRDFVS)EVLQK)JKQUFK[M`UKs*$GwU#QDXBER@CBN% R0~53%eYrd8mt^7Z6]iTF+(EWfJ9zaK-iTV.C\y<pjxsg-b$f4ia>
----------------------------------------------- 128 bit encrypted signature, crack if you can
-
good idea but I rather call it workaround. thanks
TVMU^P[[IGIOQHG^JSH`A#@`RFJ\c^JPL>;"[,*/|+&WLEZGc`AFXc!L %^]*IRXD#@GKCQ`R\^SF_WcHbORY87֦ʻ6ϣN8ȤBcRAV\Z^&SU~%CSWQ@#2 W_AD`EPABIKRDFVS)EVLQK)JKQUFK[M`UKs*$GwU#QDXBER@CBN% R0~53%eYrd8mt^7Z6]iTF+(EWfJ9zaK-iTV.C\y<pjxsg-b$f4ia>
----------------------------------------------- 128 bit encrypted signature, crack if you can
It may be, but so is creating separate exe's and talking through interprocess communication. At least this way, it's a true integrated plugin. It's also how most developers are used to creating plugins. I can't think of any other applications that use interprocess communication for plugins. I hope somebody else can give you a better solution. But I wouldn't hold my breath :)
-
It may be, but so is creating separate exe's and talking through interprocess communication. At least this way, it's a true integrated plugin. It's also how most developers are used to creating plugins. I can't think of any other applications that use interprocess communication for plugins. I hope somebody else can give you a better solution. But I wouldn't hold my breath :)
True, but I don't have any other choice.
TVMU^P[[IGIOQHG^JSH`A#@`RFJ\c^JPL>;"[,*/|+&WLEZGc`AFXc!L %^]*IRXD#@GKCQ`R\^SF_WcHbORY87֦ʻ6ϣN8ȤBcRAV\Z^&SU~%CSWQ@#2 W_AD`EPABIKRDFVS)EVLQK)JKQUFK[M`UKs*$GwU#QDXBER@CBN% R0~53%eYrd8mt^7Z6]iTF+(EWfJ9zaK-iTV.C\y<pjxsg-b$f4ia>
----------------------------------------------- 128 bit encrypted signature, crack if you can