Nice to see how you are preventing virus plugins, this will definitely benefit newer devs. 
I have the same question as @TheCarbyneUniverse though.
Sure, being able to view the source would be a little helpful combatting malicious plugins, but that only helps developers with a solid scripting background. This also diminishes the idea of paid plugins, because now the source is out there and reuploading paid plugins will be trivial.
Although this would be cool. It would open the door to a lot of copy plugins
This can easily be abusable. A plugin should make itâs own functionality to do this.
See:
People are already copying plugins though. I think this is a separate issue not relevant to the OP.
I can see what you mean, however I think that this will not be easy to abuse, and any serious developer should be able to see through whatever the plugin claims. Perhaps an addition of a preview for the scripts would help keep this from happening?
Yes, people are already copying plugins, but making it so you can see all the plugin code would make it even easier for kids to make complete copies.
Either way this is a great step towards better security and less new developers being turned away because their game got ruined by a malicious plugin.
1 Like
Well, thatâs certainly no excuse to enable plugin copycats even more.
This update is about all thatâs needed. A building plugin doesnât need to insert scripts or modify source code. The plugins that do modify source code are almost always open source on github from my experience.
1 Like
I disagree, as repeatedly updating the plugin would make a change like this quite annoying. I think that most malicious plugins are created maliciously, and I donât think any plugin is updated to be malicious. There might be a couple exceptions, however I think in the grand scheme, this will not be very useful.
1 Like
Perhaps along with this could be a script previewer that would allow you to preview the scripts inserted.
1 Like
I could see this being a concern with plugins creating fake alerts, and I think this is a valid concern. Perhaps one way this could be fixed is that plugins under review could be kept from inserting GUI, which would keep this from happening.
If you read the post properly you wouldâve seen they mentioned a way to change your choice via the plugin management window
I think we should be able to choose this behavior ourselves. A checkbox for âPersist after updatesâ or something would suffice. Those of us concerned about our plugins going rogue wonât have to worry.
2 Likes
Yes, but what Iâm wondering is will this allow all the plugins to do everything, or just allow a certain plugin after you accidentally chose a setting you didnât want.
I agree, a couple of settings in perhaps Studio Settings, or plugin management would be useful for people who want heightened security, and for people who want the security to be lower. This could allow for turning off the update entirely, or resetting all of the allowed/rejected requests.
You can already see the source of any plugin installed in the InstalledPlugins folder.
This seems to have broken my own plugins, as the button for them will not open the UI anymore. It also seems to have deleted a lot of the core gui plugin UI storage for no reason at all.
1 Like
Uninstalling them and reinstalling them did not work.
about time! finally the pesky backdoors can go away. (mostly)
1 Like
For both this permission tool, as well as HTTP permissions, can we get an âallow onceâ or âallow this sessionâ option? Some plugins only need to do stuff like this rarely (e.g. to pull a cached list); similar to iPhoneâs location permission settings and most browserâs permission settings.
1 Like