Hi Frederic,
Thank you for your reply!
First let me say that I completely understand that having something encrypted or obfuscated seems a little bit suspicious but if you continue reading you will understand our true intentions of doing this.
I think it is not correct to assume that obfuscated code or encrypted stored procedure means something harmful or dangerous.
Obfuscation is something normal in the .NET world or even the Javascript world and it doesn't mean that the code is harmful or dangerous. A lot of software companies do this as a level of protection of their intellectual property.
We use the obfuscation for the same reason to protect our code to some degree.
In a perfect world we would not be worried about our code being stolen and we wouldn't even had this discussion with you.
Please note that we are also not happy of fact that we need to add a level of complexity to our release cycle by obfuscating the code (which leaded to the issue as the one that happened to you).
FredBell wrote:
Opening the views in visual studio crashes studio every single time.
This is probably due to all the DLLs that have been mangled during obfuscation.
this is issue is not a big deal - we can find work around.
This is strange and should not happen.
Please note that the obfuscation could not be the reason for this and it should be something else.
Please
submit a ticket and we will take a look and advise.
FredBell wrote:
But I have some important question about the code - and would love if you could shed some light into it before we can be confident using it. Thank you in advance.
Now we are trying to decide what we can safely use from your product suite.
Which plugins can we install that will not put any kind of encrypted data in the database – that will not make any network calls to other servers?
You are welcome and I am glad you asked this question.
It is absolutely safe to use all our products as they won't harm anything to your nopCommerce installation.
There is only a SINGLE plugin - Nop Ajax Filters - that uses an encrypted stored procedure and you can read why we are forced to do this in this
post. I can assure you that this stored procedure as well as any of our products does not make any newtwork calls to any servers and I don't understand why you have such doubts at first place.
Please note that our products are used on thousands of nopCommerce websites and we could not afford to make any stupid things that could make our customers having doubts in our products.
FredBell wrote:
Is there any other harmful or potentially harmful functionality currently included in your software that you have not disclosed to us yet?
Frederic
First let me say that there is no any harmful functionality in our products.
If you consider the encrypted stored procedure as harmful then I can assure you that this is the only encrypted stored procedure in our products. Actually the Ajax Filters are the only plugin that adds a new stored procedure in the database. None of our other plugins add any stored procedures or encrypts anything in the database.
I agree that having an encrypted stored procedure causes some inconvenience during the backup process.
If you have any ideas how we can protect it in a way that won't cause such issues I will be glad to hear them!