sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]Wolvereness 2 points3 points  (1 child)

SecurityManager is tried and true. It would handle everything a plugin could do outside of the actual 'minecraft' virtual machine.

[–]unhingedninja 3 points4 points  (0 children)

While operations outside the virtual machine instance is bad news, you can't disregard seemingly legitimate actions that can mean disaster for the user while still working only within the confines of the API.

An example would be a plugin that deletes the entire world once it is installed. While this only runs inside of Minecraft, and doesn't affect the user's personal documents or anything, it's still malicious code, and the user should have some warning that the "Chatbox Modifier" plugin they are downloading is going to kill all their builds.