Theme and Plug-in source code are secure?

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.

Total Posts: 84
Karma: 714
Joined: 6/8/2014
Location: Thailand

Posted: 9 years ago

How can we ensure for Theme and Plug-in source code which contributors provide for free is clean without any hack or virus inside original Nop source code?

ima9ines

MVP

Certified Developer

Total Posts: 766
Karma: 16050
Joined: 12/24/2012
Location: Vietnam

Posted: 9 years ago

Any contributed free theme and plugin need approval from nopCommerce team before you can see theme on the list.

jayc

Total Posts: 117
Karma: 1016
Joined: 9/6/2014
Location: Australia

Posted: 9 years ago

It would be nice if the Plugins bin and Plugins content was seperated into folders.

eg. Follow the MVC folder structure, could be something like:
/Plugins/bin/DiscountRules.CustomerRoles           (Nop.Plugin.DiscountRules.HadSpentAmount.dll, ...)
/Plugins/Views/DiscountRules.CustomerRoles      (Configure.cshtml)
/Plugins/Content/DiscountRules.CustomerRoles   (description.txt, logo.jpg)

Applying IIS Hidden Segments to the /Plugins/bin folder would be alot easier.

I'm sure many nopCommerce IIS deployments have overlooked this security and may have left their plugin DLL's exposed to the clients for download!

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.

Still have questions or need help?

. Premium support services . Get dedicated support from the nopCommerce team with a guaranteed response within 24 hours.

. Online course for developers . Get the practical and technical skills you need to run and customize nopCommerce websites.