Ideas on Plugins and Security
We should probably have a ION_PLUGINS_ENABLED
variable that is set to 1 by default, but can be set to 0 to disable support for plugins. In addition, maybe we could also implement an optional ION_PLUGINS_METHOD_WHITELIST
and ION_PLUGINS_NAMESPACE_WHITELIST
array which can be used to designate plugins that are explicitly allowed to execute. Then maybe we could have a means of protecting certain variables from being set within scripts, or even only allowing certain variables to be set from an environment file. Suggestions welcome for ways to make Ion more secure.