Moreover in case of an open source plugin, you can't be sure the PLGX file you downloaded really correspond to the public available source code. The only problem is that some of them are open source, some others are not. So in short, the only way to ensure an optimum security with the KeePass plugins is to review their codes by yourself. So if there is no way for me to read the PLGX files, the only way to ensure an optimum security is to develop my own plugins by myself? So how can I be sure they don't steal them? I mean they could just send all my information to a server and I'd never know it. These 2 plugins clearly show that they both have access to internet and my passwords. Let's take the example of Favicon downloader or even Password counter. So it should be possible to read these files. Instead of compiling your plugin to a DLL assembly, the plugin source code files can be packed into a PLGX file and KeePass will compile the plugin itself when loading it I downloaded and compiled the source code but I don't understand where is the API list of functions plugins have access to.Īs said in the documentation, the PLGX format is a "not yet compiled" format The documentation about plugin development is really short. KeePass is great, I love it but after several years using it, sometimes I wish to install a plugin but I don't because I'm scared of what this plugin can really do without my consent.
0 Comments
Leave a Reply. |