How does nopCommerce verify that a plugin does what it is meant to do?

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.
7 years ago
Hi,

Maybe my questions are silly, but I have some ( :
What are the steps for evaluating plugins by a nopCommerce member? I mean, how do you validate that a plugin does not steal any data and send it to the developer? I am new to the community and I am a bit cautious when I think about using a plugin, especially plugins for payment integrations.

Regards,
Boris
7 years ago
vorodot wrote:
Hi,

Maybe my questions are silly, but I have some ( :
What are the steps for evaluating plugins by a nopCommerce member? I mean, how do you validate that a plugin does not steal any data and send it to the developer? I am new to the community and I am a bit cautious when I think about using a plugin, especially plugins for payment integrations.

Regards,
Boris


You can use http://www.telerik.com/fiddler to check all requests being sent to servers, with all their information.
7 years ago
Normally I read the comments (if any) for the plugins that I want to use.
But does it mean that the plugins are not validated by the team at all?

Fiddler cannot always help, especially for backend implementations with a lot of if-checks and stealing data only under fulfilled circumstances.

I just wondered how suspicious to be ( :

Thanks for the answer.
7 years ago
Installing anything on your server is a risk - our (Nop Content) policy is to never make any of our plugins talk to anything out on the internet unless there is an explicit setting for it that can be changed by the user.

It is serious though - and related to Ken Thompson's infamous "Reflections on Trusting Trust" from 1984.

https://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf

What if a development house got hacked?

If you really want to make sure, my advice would be to run a full nopCommerce installation with the plugin in a virtualized environment (VirtualBox) and monitor the network using Wireshark, record any dodgy-looking requests and send them to the developer of the plugin directly, or just use one of the good companies whose reputation depends on releasing quality products.
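One way to work through the capture from the test VM described above, as an added example that is not part of any post in this thread: take one capture of the store without the plugin and one with it, then list the destinations that only the plugin run contacted and that the plugin's documentation does not explain. The host names, sample rows and expected-host list are constructed for illustration.

```python
# Added example: diff the destinations seen in two Wireshark captures of a test VM.
# Input rows are tab-separated fields as exported by, for example:
#   tshark -r with_plugin.pcapng -T fields -e frame.time_epoch -e ip.dst \
#          -e dns.qry.name -e tls.handshake.extensions_server_name -e http.host
from collections import defaultdict

# Constructed sample data (documentation IP ranges, made-up host names).
BASELINE = """\
1700000000.10\t192.0.2.10\twww.nopcommerce.com\t\t
1700000000.45\t192.0.2.10\t\twww.nopcommerce.com\t
"""
WITH_PLUGIN = """\
1700000100.10\t192.0.2.10\t\twww.nopcommerce.com\t
1700000130.20\t198.51.100.7\tapi.payments.example\t\t
1700000130.60\t198.51.100.7\t\tapi.payments.example\t
1700000190.00\t203.0.113.99\t\t\tstats.plugin-vendor.example
1700000250.00\t203.0.113.50\t\t\t
"""
# Hosts the plugin's documentation says it contacts (assumed for this example).
EXPECTED = {"payments.example"}

def destinations(tshark_fields):
    """Map destination -> [packet count, first-seen epoch]; prefer a name over the bare IP."""
    seen = defaultdict(lambda: [0, None])
    for line in tshark_fields.splitlines():
        ts, ip, dns, sni, http_host = (line.split("\t") + [""] * 5)[:5]
        name = (dns or sni or http_host or ip).lower().rstrip(".")
        if not name:
            continue  # blank or malformed row
        entry = seen[name]
        entry[0] += 1
        entry[1] = float(ts) if entry[1] is None else min(entry[1], float(ts))
    return dict(seen)

def is_expected(name, expected):
    """True when name is an expected host or a subdomain of one."""
    return any(name == e or name.endswith("." + e) for e in expected)

def unexplained(baseline, with_plugin, expected):
    """Destinations only the plugin run produced and the documentation does not explain."""
    base = destinations(baseline)
    return sorted(
        (name, count, first)
        for name, (count, first) in destinations(with_plugin).items()
        if name not in base and not is_expected(name, expected)
    )

if __name__ == "__main__":
    for name, count, first in unexplained(BASELINE, WITH_PLUGIN, EXPECTED):
        print(f"{name}\t{count} packet(s)\tfirst seen {first}")
```

A capture only shows traffic that occurred during the test run, so an empty result does not rule out behaviour that triggers under other conditions, the limitation raised earlier in the thread.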