Hidden bad code in plugin

5 个月 前
Hi All,

In term of security, is it possible that any plugin that we buy in marketplace possibly contain a bad code to collect our data and send to third party.

If so, any prevention for this kind of thing?

Thanks,
Chandara
5 个月 前
MK_Mick wrote:
Hi All,

In term of security, is it possible that any plugin that we buy in marketplace possibly contain a bad code to collect our data and send to third party.

If so, any prevention for this kind of thing?

Thanks,
Chandara


possibility is very low. any organization will not ruined their reputation. but if any confusion you can find out by inspecting network call.
5 个月 前
Or for more deep inspacting Fiddler is the parfect tool to check network call. https://www.telerik.com/fiddler
5 个月 前
For a plugin to be accepted by the Marketplace, the vendor must submit their source code as per the guidelines:
https://www.nopcommerce.com/en/submitting-plugins-to-nopcommerce-marketplace.

I don't know how they "analyze" for security issues.  Maybe the team can provide more information.
5 个月 前
rk.menon wrote:
Or for more deep inspacting Fiddler is the parfect tool to check network call. https://www.telerik.com/fiddler


Thank you, RK.

Thanks,
Mick
5 个月 前
New York wrote:
For a plugin to be accepted by the Marketplace, the vendor must submit their source code as per the guidelines:
https://www.nopcommerce.com/en/submitting-plugins-to-nopcommerce-marketplace.

I don't know how they "analyze" for security issues.  Maybe the team can provide more information.


Thank you, New Work.
Have read guideline and no more doubt on this one.

Thanks,
Mick