Should I allow a plugin to crash my application?

Question

I am adding an event driven plugin api to a web based system I am working on.

Should I wrap the plugin calls in a try/catch to make sure they don't crash or should I leave this up to plugin developers to take care of.

Also, some of the plugins may change the data I pass them, should I re-validate all the data or trust the plugin developers not to break anything?

Answer 1

You should not let your program crash.

If you can protect yourself from innocent mistakes by plug-in writers, you should do so - both by handling exceptions and by revalidating modified data that your code must reuse.

What you do when you find a problem (exception or malformed data) is up to you - unloading the plug-in and not using it again until it is reloaded might be sensible in production mode. For plug-in developers, providing good diagnostics of what went wrong would be sensible - possibly even crucial to gaining widespread acceptance (lots of people writing plug-ins for you). If the other programmers cannot resolve problems effectively, they may not continue to try.