1. [HOST] Imagic

    [HOST] Imagic Naked Wanderer

    Hi,

    There is a way to write, a way to read, a way to check if a file exists, but no way to list the data files ?
    I read that it was a security problem, but I don't understand how writing to a file (even in json) is more secure than listing files ? It would be great to just list the .json files instead of letting plugins creating their own esoteric listing.

    Thanks.
     
  2. sqroot

    sqroot Master Researcher Plugin Developer

    Iirc all file access is limited to a very limited frame, for instance only having access to a single config file that matches the plugin name.
    What's your concrete use case?
    Normally, if a single JSON file is not good enough to handle your data, you should stick to using an SQLite database.
     
  3. [HOST] Imagic

    [HOST] Imagic Naked Wanderer

    Didn't know I could use SQLite, but I want the data files to be human-readable.
    I understand the security issues, but it's too bad that the data files aren't sandboxed properly, I mean, like a directory for each plugin and they can't go/read/see the parent directory. Unfortunately, implementing that now will probably break all the plugins.
     
  4. Wulf

    Wulf Community Admin Community Admin Oxide Developer

    You can easily have a directory for each plugin if you wanted to, just add the subfolder to the path. It's already implemented, just optional. Plugins should already know what files they create and shouldn't really be trying to mess with another plugin's files.
     
  5. [HOST] Imagic

    [HOST] Imagic Naked Wanderer

    I don't understand. It's not about other plugins, it's about your own plugin. You can't list files, you can't delete them, that's all. It's too bad that you see this as a security/reliability issue when it's just the same as Writing/Reading json files, but I agree, without a proper sandbox directory, it can't be done safely right now. You speak about messing with other plugins, when it's already possible, and will not with a sandboxed directory.

    Whatever, I understand that it can be a lot of work for such limited number of cases. Thanks for your replies.
     
  6. Wulf

    Wulf Community Admin Community Admin Oxide Developer

    I think you're missing the point... you can already have a subfolder for your own plugin, which I stated above. If you are creating those files with YOUR plugin, YOUR plugin should already know which files exist. Is there really a need for getting a list of unknown files in that folder YOUR plugin makes?
     
  7. [HOST] Imagic

    [HOST] Imagic Naked Wanderer

    Of course, it's why I created this topic. The OS keeps track of files for free, why would I create my own file tracker ?

    "Why do we need this simple to use feature if we just can have headache with this one ?" (what I read when I look at your messages)
    I'm sorry, but let's end the discussion here, we can't agree on this.
     
  8. Wulf

    Wulf Community Admin Community Admin Oxide Developer

    You seem to be a getting a little hostile over it... we're just trying to find why it's needed. When a plugin creates a file, it already knows about it, that's why we're not seeing why a plugin should have full reign to an entire directory. What files would be in the directory that the plugin didn't create?
     
  9. [HOST] Imagic

    [HOST] Imagic Naked Wanderer

    It's not hostility, I'm just very direct when it comes to programming. I will do without it.
     
  10. sqroot

    sqroot Master Researcher Plugin Developer

    Why do you need the data files to be in a readable format?
    Also, I understand your issue, but it seems like you're trying to use data files for something they weren't meant for.
    I agree, sandboxing isn't as good as it could be, but with the current approach issues only arise when you're intending to use data files for something they're neither practical nor intended for.
    Still curious about the concrete use case.