• The plugin relies on a remote host, which makes it fundamentally insecure. No matter how well the code is written, all it takes is a man in the middle attack and the entire stack is compromised.

    It would be better if the generated code was done on the server, and provided on the server like the boilerplate generators. Having a plugin to do it is opening up a security hole.

Viewing 3 replies - 1 through 3 (of 3 total)
  • I just replied to Franz. Wp App Studio is not gonna fix nobody’s servers security problems.

    If you are worried about the security, man in the middle attack etc. or your network is not secure enough, use their demo server (demo.emarketdesign.com). Wp App Studio is installed and fully functional there.

    Generate your code there in their own server. That’s what I do when I can not connect to company servers. Then you will be able to review the code, and see if it is safe enough for you. It is open source, modify, hack do whatever you want and make it useful for yourself and others. if you like to see more improvement, let them know. Their support team is great and very helpful.

    That’s good, but that’s how all the code should be generated and deployed

    Wp App Studio does not generate code. The backend SaaS server does. All process starts and finishes in their server. It does not touch your box at all. The code is then uploaded Amazon S3 then you are provided with a link to the app’s (plugin) zip file. The plugin data is kept in S3 for 6 months so you can download from there whenever you want.
    I also asked them to host the plugins generated in their servers and make them available to our clients. They said they are working on the setup.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Fundamentally Insecure’ is closed to new replies.