Ask users whether they trust the project contents when starting a workspace from a factory link #20249

Closed
ericwill opened this issue Aug 4, 2021 · 1 comment
Labels
area/plugins kind/enhancement A feature request - must adhere to the feature request template. sprint/current

Contributor

ericwill commented Aug 4, 2021

Is your enhancement related to a problem? Please describe.

A user could start a workspace from a factory link, which points to a project with potentially malicious code. While there isn't much we can do about users running malicious devfiles, we can at least ask them (during workspace startup) whether or not they trust the source.

Describe the solution you'd like

When starting a workspace from a factory link, prompt the user to confirm that they trust the content of the workspace they are starting. If they do not, then abort the workspace startup. This could be done with a dialog.

Of course it would be annoying to have to do this every time. There should probably be a setting where the user can disable this dialog from being shown.

Describe alternatives you've considered

I'm open to any other ideas 😄

@ericwill ericwill added kind/enhancement A feature request - must adhere to the feature request template. area/plugins sprint/next labels Aug 4, 2021
@svor svor added this to the 7.35 milestone Aug 12, 2021
@svor svor mentioned this issue Aug 12, 2021
@tsmaeder
Contributor

There used to be other ways to share access to workspaces (I believe "organisations" in che server). If these mechanisms still exist, they would also be a candidate for such a warning.
