Nxt Forum

Please login or register.

Login with username, password and session length
Advanced search  

News:

Latest Nxt Client 1.11.2 - Announcement for Ardor (Nxt 2.0) is here. Ardor Tokens have been released!

Pages: 1 [2] 3 4 5  All

Author Topic: [Client Plugins] Specification / Developers Guide  (Read 7252 times)

HolgerD77

  • Core Dev
  • Sr. Member
  • ****
  • Offline Offline
  • Posts: 299
    • View Profile
  • Karma: +49/-0

Sorry, I was just trying to have a first view of how this plugins are working, so yes, wiki was quite helpful... ;D

May be I come later with other very strange questions...

You're very welcome! :-)
NXT-AQ9F-JC4F-NCM2-4JSXZ

HolgerD77

  • Core Dev
  • Sr. Member
  • ****
  • Offline Offline
  • Posts: 299
    • View Profile
  • Karma: +49/-0

Security wise there will be a very visible security note on login page, before any JS code of a plugin was loaded. Same note is also placed very prominently in the plugins folder. After logging in a user has to know what he/she is doing.

I could imagine that there will be some kind of app/plugin store/repository, where trusted users from the Nxt community curate a selected set of plugins to make sure these can be used safely. For the more prominent ones like MGW the trust level is more or less the same like for the NRS client itself (where you also have to trust some people).

And when account control is released, security situation relaxes a lot, then it will be possible to use plugins just in 2-factor-authentication secured environments and a plugin can't alone control/issue a transaction.

NXT-AQ9F-JC4F-NCM2-4JSXZ

shin

  • Sr. Member
  • ****
  • Offline Offline
  • Posts: 456
    • View Profile
  • Karma: +47/-4

Is it a good idea to have a 'safe mode' button too? All plugins will then be ignored and not activated. :)
Wallet: NXT-ELEB-XT6G-L475-HXRFX • 18354136531262130569 • Twitter: Shin NXT

HolgerD77

  • Core Dev
  • Sr. Member
  • ****
  • Offline Offline
  • Posts: 299
    • View Profile
  • Karma: +49/-0

Is it a good idea to have a 'safe mode' button too? All plugins will then be ignored and not activated. :)

Yes, that's actually a brilliant idea, will add this asap.
NXT-AQ9F-JC4F-NCM2-4JSXZ

rudeboi

  • Hero Member
  • *****
  • Offline Offline
  • Posts: 633
  • Nxt Organization Member
    • View Profile
  • Karma: +55/-4


Is it a good idea to have a 'safe mode' button too? All plugins will then be ignored and not activated. :)

Great idea
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬  ▄▀▀▀▀▀▀▀▀▄  ▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬●  nimirum  ●▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬ ◖ENDING CENSORSHIP ONLINE◗  ◖ ICO OPEN NOW◗ ▬▬▬

shin

  • Sr. Member
  • ****
  • Offline Offline
  • Posts: 456
    • View Profile
  • Karma: +47/-4

Sweet!!
Wallet: NXT-ELEB-XT6G-L475-HXRFX • 18354136531262130569 • Twitter: Shin NXT

Tosch110

  • Global Moderator
  • Hero Member
  • *****
  • Offline Offline
  • Posts: 2375
    • View Profile
  • Karma: +211/-16

Is it possible to use third-party plugins in a plugin/js/3rdparty folder?

Daedelus

  • Hero Member
  • *****
  • Offline Offline
  • Posts: 3281
    • View Profile
  • Karma: +230/-12

Is it a good idea to have a 'safe mode' button too? All plugins will then be ignored and not activated. :)

Damn it, I was just about to say that  :D  On the front page pls, next to the "remember my passphrase" bit

Good thinking shin  ;D
NXT: NXT-4CS7-S4N5-PTH5-A8R2Q

Tosch110

  • Global Moderator
  • Hero Member
  • *****
  • Offline Offline
  • Posts: 2375
    • View Profile
  • Karma: +211/-16

HolgerD77

  • Core Dev
  • Sr. Member
  • ****
  • Offline Offline
  • Posts: 299
    • View Profile
  • Karma: +49/-0

Is it possible to use third-party plugins in a plugin/js/3rdparty folder?

Not really getting this idea actually.
NXT-AQ9F-JC4F-NCM2-4JSXZ

HolgerD77

  • Core Dev
  • Sr. Member
  • ****
  • Offline Offline
  • Posts: 299
    • View Profile
  • Karma: +49/-0

First plugin almost finished :)

https://www.youtube.com/watch?v=JBsKVJYbitY

Wow, totally speechless. This looks amazing! :-)
NXT-AQ9F-JC4F-NCM2-4JSXZ

rudeboi

  • Hero Member
  • *****
  • Offline Offline
  • Posts: 633
  • Nxt Organization Member
    • View Profile
  • Karma: +55/-4
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬  ▄▀▀▀▀▀▀▀▀▄  ▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬●  nimirum  ●▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬ ◖ENDING CENSORSHIP ONLINE◗  ◖ ICO OPEN NOW◗ ▬▬▬

rudeboi

  • Hero Member
  • *****
  • Offline Offline
  • Posts: 633
  • Nxt Organization Member
    • View Profile
  • Karma: +55/-4

Random thought, not sure if technically possible.

A plugin that checks other plugins for potential security issues. I.e. lists every NRS API call listed within a certain plugin, maybe flagging the more risky types e.g. Send money.

Obviously couldn't trust completely and would still have to exercise caution, but could be used to help keep users safe.
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬  ▄▀▀▀▀▀▀▀▀▄  ▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬●  nimirum  ●▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬ ◖ENDING CENSORSHIP ONLINE◗  ◖ ICO OPEN NOW◗ ▬▬▬

HolgerD77

  • Core Dev
  • Sr. Member
  • ****
  • Offline Offline
  • Posts: 299
    • View Profile
  • Karma: +49/-0



Better?
NXT-AQ9F-JC4F-NCM2-4JSXZ

jones

  • Hero Member
  • *****
  • Offline Offline
  • Posts: 1043
  • write code not war
    • View Profile
    • jNxt
  • Karma: +310/-8

I suggest adding a section to include a validation token.

createToken(sha256(plugincode), personWhoMadeItsAccount).

That way we can validate that this person did create the plugin and that the text of the plugin you recieved is correct and from that person who owns that account at a specific time.

Could you describe this a bit more detailed in a few steps and separated by actions by plugin creator and plugin user? Not yet really understand the process.

1. User completes the entire plugin with manifest, signature field is empty.
2. User takes a sha256 sum of all the files in the directory of the plugin, (through a command or a tool can be made)
3. User puts the hash into token of nxt client.
4. User takes the token generated and adds it to the manifest.

Validating:
1. Valudator zeros the signature spot and hashes the plugin
2. Compares the hash and public key to affirm the token signature.
3. If it passes this plugin is valid.

Bump, I feel this should at least be an option if not required, I will probably implement a plugin validator plugin anyways.
-- Jones NXT-RJU8-JSNR-H9J4-2KWKY

Tosch110

  • Global Moderator
  • Hero Member
  • *****
  • Offline Offline
  • Posts: 2375
    • View Profile
  • Karma: +211/-16

rudeboi

  • Hero Member
  • *****
  • Offline Offline
  • Posts: 633
  • Nxt Organization Member
    • View Profile
  • Karma: +55/-4


Current status of plugins overview page:



Off topic but when did blocks and peers disappear from the menu? I'm glad they are no longer there, but how do you get to those pages now?
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬  ▄▀▀▀▀▀▀▀▀▄  ▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬●  nimirum  ●▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬ ◖ENDING CENSORSHIP ONLINE◗  ◖ ICO OPEN NOW◗ ▬▬▬

MrV777

  • Core Dev
  • Hero Member
  • *****
  • Offline Offline
  • Posts: 834
    • View Profile
  • Karma: +100/-4

Off topic but when did blocks and peers disappear from the menu? I'm glad they are no longer there, but how do you get to those pages now?

They are now under the gear menu in the top right




Edit: HolgerD77 is to thank for this
« Last Edit: February 20, 2015, 06:35:45 pm by MrV777 »
NXT: NXT-BK2J-ZMY4-93UY-8EM9V
NXT nodes: drseuss.dyndns-home.com, 198.46.193.111, 69.163.40.132, 192.169.6.103

rudeboi

  • Hero Member
  • *****
  • Offline Offline
  • Posts: 633
  • Nxt Organization Member
    • View Profile
  • Karma: +55/-4

Off topic but when did blocks and peers disappear from the menu? I'm glad they are no longer there, but how do you get to those pages now?

They are now under the gear menu in the top right



Cheers, nice work.

Maybe for making more space 'my store' could be under the marketplace sub menu, a sub menu in a sub menu if possible. As I can't imagine there are enough users having a store to warrant it being a main menu item.
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬  ▄▀▀▀▀▀▀▀▀▄  ▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬●  nimirum  ●▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬ ◖ENDING CENSORSHIP ONLINE◗  ◖ ICO OPEN NOW◗ ▬▬▬

valarmg

  • Hero Member
  • *****
  • Offline Offline
  • Posts: 1778
    • View Profile
  • Karma: +177/-57

I suggest adding a section to include a validation token.

createToken(sha256(plugincode), personWhoMadeItsAccount).

That way we can validate that this person did create the plugin and that the text of the plugin you recieved is correct and from that person who owns that account at a specific time.

Could you describe this a bit more detailed in a few steps and separated by actions by plugin creator and plugin user? Not yet really understand the process.

1. User completes the entire plugin with manifest, signature field is empty.
2. User takes a sha256 sum of all the files in the directory of the plugin, (through a command or a tool can be made)
3. User puts the hash into token of nxt client.
4. User takes the token generated and adds it to the manifest.

Validating:
1. Valudator zeros the signature spot and hashes the plugin
2. Compares the hash and public key to affirm the token signature.
3. If it passes this plugin is valid.

Bump, I feel this should at least be an option if not required, I will probably implement a plugin validator plugin anyways.

Yes! Mightn't make it for first version, but should be in later versions. Perhaps plugin creators can review each other's plugins so that several eyes have been on each plugin after the files have been hashed and before they are likely to be used by everyone else.
NXT-CSED-4PK5-AR4V-6UB5V
Pages: 1 [2] 3 4 5  All