RSS Feed

Plugin Developer Discussion

Hi!

I'm part of this program because I want to integrate internal databases from our company with out internal installation of FogBugz, for example we want to see if a support contract is still valid immediately.
So absolutely no interest in OnDemand etc.

Can I disable the appdomain protection that FogBugz enforces for plugins? I want my plugins to run with the same rights as FogBugz itself so that it can directly go to databases and that it is easier to do things than through the wrapper APIs?

Thanks
 Christian

This is not currently possible, but it is on the radar for a future version.  The only thing you could do now would be to interface with another application over the web that has access to your DBs.

That's disappointing.

You really designed this for your OnDemand accounts and not for people who install it themeself, didn't you?

I wonder how you will do this appdomain stuff on Linux using mono, as far as I know mono does not implement Code Access security.

I really think that these extra security and the appdomain brings absolutely no advantage to anybody who installs FogBugz on his own server, correct me if I'm wrong

Christian,

Allowing turning off the AppDomain permissions for specific plugins has been something we've talked about from the very beginning of the plugin architecture.  Ultimately we decided that, given limited resources, it was more valuable to have a plugin architecture that focused on people sharing plugins than one that focused on writing one-off plugins for internal use (though we absolutely recognize that people want to do this and we'll probably support it in the future).

The appdomain sandboxing that we do is a way for FogBugz administrators to feel confident that if they install a plugin written by a third party that it won't compromise their server.  Since we anticipate a wide variety of third-party plugins, I think the appdomain security does add a lot of value for customers who have FogBugz installed on their own server.

I hope that this makes a bit more sense to you.

Also, you are correct that Mono does not support Code Access Security.  Customers who use mono should be careful about installing third-party plugins.