diff --git a/docs/src/content/docs/br/getting-started/security.mdx b/docs/src/content/docs/br/getting-started/security.mdx index 180acd32..d064399f 100644 --- a/docs/src/content/docs/br/getting-started/security.mdx +++ b/docs/src/content/docs/br/getting-started/security.mdx @@ -1,19 +1,18 @@ --- -title: Bezbednosni interesi +title: Security concerns --- Castopod je napravljen na [CodeIgniter4](https://codeigniter.com/), PHP okviru koji podstiče [dobre bezbednosne prakse](https://codeigniter.com/user_guide/concepts/security.html). -Da biste maksimalno povećali bezbednost vaše instance i sprečili bilo kakav -zlonamerni napad, mi preporučujemo da ažurirate sve dozvole Castopod datoteka -nakon instalacije ili ažuriranja (da biste izbegli bilo kakvu grešku prethodne -dozvole): +To maximize your instance's safety and prevent any malicious attack, we +recommend you update all your Castopod files permissions after installation or +updates (to avoid any prior permission error): - `writable/` direktorijum mora biti **readable** i **writable**. - `public/media/` direktorijum mora biti **readable** i **writable**. -- bilo koja druga datoteka mora biti podešena na **readonly**. +- any other file must be set to **readonly**. Na primer, ukoliko koristite Apache ili NGINX sa Ubuntu-om možete uraditi sledeće: @@ -23,3 +22,23 @@ sudo chown -R root:root /path/to/castopod sudo chown -R www-data:www-data /path/to/castopod/writable sudo chown -R www-data:www-data /path/to/castopod/public/media ``` + +## Third-party Plugins + +Since v2's [Plugins Architecture](../../plugins), Castopod can be extended with +all sorts of cool features. Anyone can choose to create their own plugins and +even share them with the community. + +👉 Plugins are a way to inject code in parts of Castopod through +[Hooks](../../plugins/hooks). + +Now, if you create your own plugin and install it in your own Castopod, that +means you control both the code that gets injected and the environment: all is +good! + +But as for **third-party plugins**, you must treat them as a **potential +security risk _by default_**: + +1. Make sure you **trust the source before installing any third-party plugin** +2. **Review the plugin's code** yourself if you can or + [ask developers from the community for help](https://castopod.org/chat)