Item12327: SafeWikiPlugin: reworked code signing system

Priority: Enhancement
Current State: Being Worked On
Released In: n/a
Target Release:

Applies To: Extension
Component: SafeWikiPlugin
Branches: trunk

Reported By: JanKrueger
Waiting For: JanKrueger
Last Change By: JanKrueger

The current code signing in SafeWikiPlugin is (a) unsafe to due its use of the broken MD5 algorithm and (b) not flexible enough for Foswiki:

Some plugins, most notably JQueryPlugin, dynamically generate JavaScript code. Signing something dynamic is currently impossible. Plugins could, in theory, be trusted to embed safe JS code, but currently they aren't and so this kind of code is needlessly filtered away.
Since signatures for script code included in Foswiki are installed via LSC, this field can't easily be used by administrators for adding their own signatures – each Foswiki update would require manual work to merge the changes. This makes the field rather useless. Similarly, plugins that come with their own embedded JavaScript have no simple way of passing signatures to SWP.

I've implemented a new signing system that I will commit soon. I'd appreciate testers and feedback.

-- JanKrueger - 03 Jan 2013

Summary	SafeWikiPlugin: reworked code signing system
ReportedBy	JanKrueger
Codebase
SVN Range
AppliesTo	Extension
Component	SafeWikiPlugin
Priority	Enhancement
CurrentState	Being Worked On
WaitingFor	JanKrueger
Checkins	SafeWikiPlugin:c221f13ab8d8 SafeWikiPlugin:4e2827fc5de8 SafeWikiPlugin:90d174e9346a SafeWikiPlugin:78cdc3615ffa SafeWikiPlugin:4e79f18c3901 SafeWikiPlugin:13c5299e7f37 SafeWikiPlugin:3ba5fb94c0a0 SafeWikiPlugin:0c45837136f8 SafeWikiPlugin:0afcfdf8d946
ReleasedIn	n/a
CheckinsOnBranches	trunk
trunkCheckins	SafeWikiPlugin:c221f13ab8d8 SafeWikiPlugin:4e2827fc5de8 SafeWikiPlugin:90d174e9346a SafeWikiPlugin:78cdc3615ffa SafeWikiPlugin:4e79f18c3901 SafeWikiPlugin:13c5299e7f37 SafeWikiPlugin:3ba5fb94c0a0 SafeWikiPlugin:0c45837136f8 SafeWikiPlugin:0afcfdf8d946
Release01x01Checkins