Private Plugin-List solution wanted



  • From v7.6 the built-in Plugins Admin use the communal plugin list (JSON format), wrapped as in nppPluginList.dll.
    For the sake of the security, nppPluginList.dll is signed by Notepad++ certificate, and its signature is verified by Notepad++ before loading it.

    I’ve got a request from some enterprises, for the reason of their security policy, they can only download plugins from their internal plugins repository, therefore they request a way to load their Private Plugin-List.

    Of course, the current implementation doesn’t allow such thing, and I have no idea so far to deal with this request without downgrade current security for loading plugin list.
    If you have any secured generic solution, please let me know.



  • i wouldn’t lower the security of nppPluginList.dll if possible.

    a code signed dll with known download sources poses a lesser thread than an editable json file, or a prior and familiar PluginManagerPlugins.xml that can deliberately be re-altered to rogue needs by a source from within.
    (so it would basically cause a security issue, within the same company that requested this to be customizable for their security policy reasons, due to the fact that they requested this to be customizable for their security policy reasons ;-) )

    an alternative, without lowering this little token of security, is to wrap custom enterprise nppPluginList.dlls as a service, charging a fee for each json that has to be embedded.

    another alternative is to grant them to code sign (or resign) their custom nppPluginList.dll’s with their own certificates.
    this could be securely either done by including their cert(s) in the allowed list of a next notepad++ release, or by building a custom built notepad++ for this enterprise with this specific cert in it’s allowed list.

    did they state any specific reason, why they want to use a customizable plugins admin, instead of deploying a fixed set of plugins folders ?



  • @Meta-Chuh

    Thank you for your thought.

    Both alternative solutions need more work for each enterprise request.
    Furthermore it’s a big responsibility - without mentioning that authentication of the enterprises is not my expert domain.

    did they state any specific reason, why they want to use a customizable plugins admin, instead of deploying a fixed set of plugins folders ?

    It’s quite common such security policy in enterprise: They don’t want people to be able to install any binary from outside of enterprise.



  • @donho said:

    They don’t want people to be able to install any binary from outside of enterprise.

    It is not possible to drop a home-brewn nppPluginList.dll to the plugin folder since it is signed, thus nobody is able to fake it. And when this issue is fixed, only admins can install/copy plugins to the plugin directory. If they don’t trust their admins nobody can help them.



  • @donho

    if you wish a simpler solution, that does not compromise your currently implemented security to others than to the concerning enterprises, you could make it possible to use an alternative nppPluginList.json in %PROGRAMDATA%\Notepad++\plugins\Config instead of the default nppPluginList.dll under the following condition.

    this must be accompanied by a clearly perceptible (disclaimer) warning confirm box (cancel, ok) that displays a warning like:
    "Warning: you are about to install/uninstall Plugins from a custom 3rd party source.
    please verify this source before you continue."

    which should be triggered each time someone starts plugins admin, then also each time someone tries to install a plugin in plugins admin, and each time if someone tries to uninstall a plugin.

    btw: it does not have to be a json, it could also be an unsigned nppPluginList.dll with an embedded 256.
    and now that i mentioned “unsigned dll”:
    currently a tempered nppPluginList.dll will just show an empty plugins list.
    a good idea would be to check for that too, so you have 3 cases:

    • nppPluginList.dll is signed by you >
      default behaviour as it is now
    • nppPluginList.dll is unsigned >
      show disclaimer warning
    • nppPluginList.dll is signed by you but tempered (invalid certificate) >
      cease operation, issue an alert window and exit plugins manager

    alternative solutions need more work for each enterprise request.

    pm. me if you like


Log in to reply