Spotfire® Server and Environment Security

Spotfire Visualization Mods

Spotfire visualization mods are visualizations built with web technologies such as JavaScript or TypeScript that run within the framework provided by the Spotfire clients. Because running a mod means executing code, provisions are in place to help users make trust decisions. Mods can be created and uploaded to a Spotfire library by any user with sufficient privileges, and trust for mods can be handled either by the server administrator or by end users, depending on how the environment has been configured.

Trust for mods is based on code signing by the developer of the mod. When mods are developed for a particular Spotfire environment, they can be signed by the user account that loads the mod project into Spotfire, but mods can also be signed using a certificate issued by a certificate authority (CA). See Trusting custom content in the Spotfire environment in the Server and Environment - Installation and Administration manual for details about trust. For information about signing, see Signing a visualization mod using Package Builder in the Spotfire Developer documentation.
Component: Licenses
Description: The license features for working with Spotfire visualization mods are located under Spotfire Extensions.
  • To create new visualization mods you need the Develop Visualization Mod license feature.
  • To open .mod files from the library you need the Open Visualization Mod from Library license feature.
  • To use local .mod files you need the Open/Save Local Visualization Mod license feature.
  • To be able to save .mod files to the library you need the Save Visualization Mod to Library license feature.
  • To be allowed to trust mods developed by others you need the Trust Mods license feature.

Component: Execution context
Description: Visualization mods run in a sandboxed iframe within the Spotfire clients.

If a signer is trusted, mods developed by that signer will work the same way as native Spotfire visualizations. If a user opens a file containing a trusted visualization mod, then the code can access anything the user has permission to access. For this reason, only trusted users should be allowed to develop mods.

If an untrusted visualization mod is accessed by a user who is allowed to trust mods, the user will be asked whether to trust the mod. It is then possible to choose to trust either that particular mod or to trust the signer. Once trusted, the mod will run for this particular user. Users who lack the permission to trust mods will not be able to use any untrusted mods at all.

If you suspect that a signature or a specific mod has been misused, there are several actions that can be taken depending on the situation:

Option: Remove previous trust decisions
Description: Any trust decision, taken by either the administrator or by an end user, can be withdrawn. If an administrator has configured a signer to be trusted for a specific group, this trust can be removed by clicking Revoke trust on the Trusted signers page for the group in the administration pages on the server. See Removing trusted signers from a group. Administrators can also remove trust using the remove-code-trust command. End users can also remove trust for any mods or signers that they previously trusted on their My account page, which can be reached via the Manage trust dialog in the client.
Option: Invalidate signature (revoke certificate from server)
Description: If there are suspicions that a user on the Spotfire Server has signed unsafe mods, it is possible to revoke the user's certificate, which renders signatures invalid. This prevents other users from making a trust decision based on false premises.

When a certificate has been revoked, any mods signed after a specified time will be considered invalid. An end user who tries to add a mod with an invalid signature will be informed that the signature has been invalidated. By default, mods with invalid signatures cannot be trusted in on-premises systems.

An administrator can revoke the certificate for a user through the revoke-code-signing-certificate command, whereas an end user can revoke their own signatures on their My account page, reached from the Manage trust dialog.

Option: Block certificate, user or item
Description: If there are suspicions that a certificate from a CA or a specific visualization mod is being used for malicious purposes, it should be blocked from the system. An administrator can block either the certificate, a Spotfire user or a specific visualization mod through the block-code-trust command.
Note: If you block a specific mod, it might still be possible to trust and use an updated version of that mod, because any modification counts as an update from a trust perspective.

See Blocking certificates, users or custom items for more information.
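The trust rules described above, modelled in code as an added example (not Spotfire's own implementation): signer or item trust, the Trust Mods permission, certificate revocation with a cutoff time, and blocks on certificates, users or items. The evaluation order (blocks first, then revocation, then trust decisions), the use of a content hash as the item identity, and refusing to run a revoked signature even for a previously trusted signer are assumptions of this model.

```python
# Illustrative model of the mod trust rules on this page; not Spotfire code.
from dataclasses import dataclass, field
from hashlib import sha256


@dataclass
class Mod:
    content: bytes
    signer: str      # user account or CA-issued certificate identity (assumed label)
    signed_at: int   # time of signing, as an integer clock value

    def item_id(self) -> str:
        # Assumption: a mod's identity is its content hash, so any modification
        # is a new item, which is why a block on one mod does not cover an update.
        return sha256(self.content).hexdigest()


@dataclass
class TrustStore:
    trusted_signers: set = field(default_factory=set)
    trusted_items: set = field(default_factory=set)
    revoked: dict = field(default_factory=dict)   # signer -> revocation cutoff time
    blocked_signers: set = field(default_factory=set)
    blocked_items: set = field(default_factory=set)


def evaluate(mod: Mod, store: TrustStore, user_may_trust: bool) -> str:
    """Return 'run', 'prompt' or 'deny' for a mod opened by one user.

    user_may_trust reflects the Trust Mods license feature for that user.
    Assumed precedence: blocks, then revocation, then existing trust decisions.
    """
    if mod.signer in store.blocked_signers or mod.item_id() in store.blocked_items:
        return "deny"                       # blocked certificate/user/item: never trustable
    cutoff = store.revoked.get(mod.signer)
    if cutoff is not None and mod.signed_at >= cutoff:
        return "deny"                       # signature invalidated by revocation
    if mod.signer in store.trusted_signers or mod.item_id() in store.trusted_items:
        return "run"                        # trusted: behaves like a native visualization
    return "prompt" if user_may_trust else "deny"   # untrusted: ask, or refuse


if __name__ == "__main__":
    store = TrustStore(trusted_signers={"alice"}, revoked={"bob": 1000})
    store.blocked_items.add(Mod(b"bad", "carol", 5).item_id())
    for mod, may_trust in [(Mod(b"v1", "alice", 2000), False),   # constructed cases
                           (Mod(b"v1", "bob", 900), True),
                           (Mod(b"v1", "bob", 1000), True),
                           (Mod(b"bad", "carol", 5), True),
                           (Mod(b"bad2", "carol", 5), True)]:
        print(mod.signer, mod.signed_at, "->", evaluate(mod, store, may_trust))
```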