Open Letter to 3rd Party CC Developers
SimChris posted a topic in General Discussion

Hello all... I wanted to make a comment to all the CC developers (not Devellion), specifically those making add-ons, modules, plug-ins, themes/skins, etc. to "extend" the capabilities of CubeCart.

First, as somebody who has been doing ecommerce since 1996 (!), including projects for Oprah Winfrey, large camera stores, No Fear clothing, etc. -- I've got a good background on how stores should and should not work. I've managed my own web server(s) since 1996, and ran a hosting company from 1996/7 to 2005. I've been using CC since 2010 and have been very happy. We worked with some great folks on plugins/extensions for CC4, and rarely had any problems.

However, with CC5 I'm seeing a somewhat disturbing trend, and would like to comment publicly about it here.

1) I've noticed a number of plugin folks making elements which 'phone home' to verify a license
2) I've noticed folks putting in advertising links in their plugin (like the late captcha plugin)
3) I've noticed some themes/skins and whatnot making outbound calls to CDNs for .js files and such

First, while it should be obvious that secure ecommerce systems should NEVER make outbound links to other sites for security purposes, it's also true many CC third party developers don't actually run any kind of ecommerce business themselves (one of my faves is always the CC plugin sellers who can't make their items downloadable when that's a built in function of CC!) and hence don't have to deal with the actual business of working with a wide range of clients - ever notice CC plugin/addon sellers whose store isn't even secure? Um... duh.

No skin or plugin should contact an outside CDN or website, or the developer's own site, to download anything, check in or anything like that. This is a massive security threat and CDNs, developer sites, come and go like the wind. Your little .js you include as a connection in your HEAD might load malware when you decide to pack it up and get a real job, leaving us with an injection of malware and you could care less.

I would like to make this issue more public as it's been creeping into a number of things lately. I just removed one from a popular commercial skin (hint mentioned in my footer), removed a captcha with links to an SEO service in the actual plugin, and refused to buy another add-on as it phoned home every time to verify it was "licensed." Really?

So.... please be aware I will start "calling out" those folks who do this kind of "bad behavior" as it's NOT secure, not wanted, and bad practice.

Feel free to join the conversation on this one, folks.

Chris