Verify all plug-ins before loading them into the application is important, because a hostile or malfunctioning plug-in may cause crashes or security leaks, even on otherwise well-tested applications. Platform Security takes care of the plug-in verification by using the capability model; processes cannot load plug-ins that are less trusted than the process itself, that is, have less capabilities.
It is possible to use plug-ins to implement additional functionality to Serial, Socket, and Messaging frameworks. These kinds of plug-ins are especially important for security because they act in the vicinity of communication facilities.
- For serial communication there are communications modules (CSY), which are DLL plug-ins to the Comms Server and need to be loaded before data can be transferred.
- For socket-based communication there are protocol modules (PRT) and an affiliated capability file (.esk). Generally, PRTs work in the same way as CSYs in serial communications.
- For messaging there are Message Type Module (MTM) plug-ins. The main difference when compared to serial and socket plug-ins is that MTMs are a suite of DLLs rather than a single DLL. Also, MTMs include both client and server components.