#232326 01/08/2003 7:19 PM
Joined: Mar 2000
Posts: 3,594
Moderator / Template Diva
I'm in the process of building a new content management system (called Xenon), kinda like all those Nuke progs except on a smaller scale. I want to have the base system be pretty minimalistic as far as end-user features go, but have it be capable of accepting plugins so that features can be extended. Cuz that was the one big problem I had with all those other Nuke progs - they crammed so much stuff in there that I had no use for, it made it a real pain to install/administer them. So anyone who wants it can get the base program by itself, and then add only the things they need.

Now, the way I'm thinking of doing plugins is have all required files and information be stored as variables in one file, which the user uploads to his server, and the base app will unpack it all into the proper files and database entries. Rather a pain on the development end, but this would prolly be easiest on the user. There is just one problem I can find with this: if some evil PHP coder decided to write a bad file, they could present it as an official plugin and do all kinds of nasty things to the unsuspecting user's server if the user was unlucky enough to install it. So what I want to do is have some way to sign all the plugin files so that the main script won't install them without the proper signature. This would be easy with some sort of hashed password stored at the top of the plugin file - Xenon checks the password, matches it to the one it knows, and then installs only if the signature passes the test.

The problem with this system is, anyone that has the base program would easily be able to find the proper install key, and then it would still be just as easy to forge plugins.

So my question is, is there any way at all to somehow keep one key totally secret and out of the Xenon base script, so that even if someone does have Xenon they still won't be able to get the first install key and forge plugins? Or is this just not feasible, and I should just include some sort of warning that if they didn't download the plugin from my official server it could be tainted?

Thanks in advance!

(PS - I hope this made sense. And sorry that I get kinda lengthy with my descriptions... hope this didn't take too awful long to read.)

---Jamin


Don't put that signature in your mouth! You don't know where it's been!
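
The difference between the embedded install key described in the post and a public-key signature, as an added example that is not part of the original post and is not Xenon code. It uses PHP's OpenSSL extension; the function names, the embedded key and the plugin contents are constructed for illustration.

```php
<?php
// Added illustration, not Xenon code. Names, key and plugin bytes are constructed.

// Scheme from the post: the install key ships inside the base script.
const EMBEDDED_INSTALL_KEY = 'constructed-install-key';

function shared_key_tag(string $plugin): string {
    return hash_hmac('sha256', $plugin, EMBEDDED_INSTALL_KEY);
}

function shared_key_accepts(string $plugin, string $tag): bool {
    return hash_equals(shared_key_tag($plugin), $tag);
}

// Public-key scheme: the private key never leaves the publisher.
function publisher_sign(string $plugin, $privateKey): string {
    if (!openssl_sign($plugin, $signature, $privateKey, OPENSSL_ALGO_SHA256)) {
        throw new RuntimeException('signing failed');
    }
    return $signature;
}

// The installer ships only the public key, which can verify but not sign.
function installer_accepts(string $plugin, string $signature, string $publicPem): bool {
    // openssl_verify() returns 1 only for a valid signature (0 invalid, -1/false error).
    return openssl_verify($plugin, $signature, $publicPem, OPENSSL_ALGO_SHA256) === 1;
}

$privateKey = openssl_pkey_new([
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
    'private_key_bits' => 2048,
]);
if ($privateKey === false) {
    throw new RuntimeException('key generation failed (check the OpenSSL configuration)');
}
$publicPem = openssl_pkey_get_details($privateKey)['key'];

$official = '<?php /* constructed official plugin */';
$modified = '<?php /* constructed plugin from another author */';
$signature = publisher_sign($official, $privateKey);

// A tag for any file can be computed from the key in the base script.
printf("shared key, modified plugin: %s\n", var_export(shared_key_accepts($modified, shared_key_tag($modified)), true));
printf("public key, official plugin: %s\n", var_export(installer_accepts($official, $signature, $publicPem), true));
printf("public key, modified plugin: %s\n", var_export(installer_accepts($modified, $signature, $publicPem), true));
```

In a real installer the key pair would be generated once by the publisher, the public key PEM would be stored in the base script, and each plugin file would carry its signature alongside its contents.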
Entire Thread
Subject Posted By Posted
Digital signature for files? Jamin 01/09/2003 2:19 AM
Re: Digital signature for files? Dave_L_dup1 01/09/2003 5:07 PM
Re: Digital signature for files? Jamin 01/09/2003 5:23 PM
Re: Digital signature for files? Dave_L_dup1 01/09/2003 5:24 PM
