rossent wrote:So I can very easy change those and substitute them with some other code which does not call your plugin at all but instead does something completely different from the original intention of the code. So a "rogue" person with access to the database can change the designed behavior of the code and there is no way we can prove that the code which currently runs on the client's server actually did not come from us but was "tempered with". Currently, there is no way you can prevent that. We are looking for a protection against that scenario. I believe you will agree with me that this is Servoy's job, and a very important one.
Sounds like a rather contrived situation. Usually you just care about people stealing your code if they get access to the repository database because it's all in plain text. The "rogue" level you are talking about is typically a client's issue, not your problem. And no software or network is safe from this kind of activity given the will and intent.
In any case, with our plugin it's easy to prove if "malicious" code was inserted—just look at the repository data. Our calls are very specific and in effect behave as API's—you can easily run code before and/or after but not in between. We view this as a collaborative feature, not a security risk.
I do agree with you that Servoy should have done something about code security a long time ago. We argued for it (quite intensely...) so that an ecosystem of readily available components/modules would develop around Servoy. There was a time when we believed Servoy could have really taken off and this feature was the lynch pin for lowering the distribution barrier. (Historical side note: check out
http://www.servoy.com/marketplace.)