Strategies for Isolating Plugin Secrets in Discourse

You could take a look at the techniques employed here:

but note the caveat: Discourse Encrypt (for Private Messages)

Other than that I’m not aware of any.

Of course, as a RoR app, Discourse manages user authorization properly, so, for example, you cannot access admin resources as a normal user.

But a plugin has administrative scope (beyond the core initialisation stage), so your base assumption must be it is possible for a plugin to access data from another plugin (even if very unlikely - is a reactions plugin going to broadcast your data to Facebook?! I doubt it!! :sweat_smile: )

The onus is on the installer (ie the human administrator) to vet all the code that is added to an instance so it doesn’t abuse any data.

If you are risk averse, simply do not install 3rd party plugins you don’t fully understand - keep to the core install only.

But in the end of the day, make sure you have a senior RoR dev on staff to review everything that is being added to an instance?

2 Likes