Replies: 1 comment 1 reply
-
Thanks for sharing that! We'll take a look. But ExtPay does not store a user's paid status in the chrome extension storage so that cannot be hacked. And in general I'll say this: because extensions ship JavaScript code to your users you can never perfectly secure them from people modifying the code. Even with obfuscation techniques, users can always just copy the code and modify it in a new extension. As such, I really wouldn't worry about people side-stepping your extension's paid functionality — in practice we haven't seen it much. Even Mozilla doesn't recommend trying to secure your system perfectly: "Developer Tip: Do not spend too much time securing your licensing system against hackers, because users who are inclined to use a hacked license are unlikely to pay for one. Your time is better spent developing new extension features that attract more paying users." (source) In fact, statistically speaking it's much more likely that no one pays for your extension than people steal it! With ExtPay's current system, developers have made hundreds of thousands of dollars and counting, so please do not spend much time worrying or thinking about being hacked. Your time is much better spent developing something valuable. |
Beta Was this translation helpful? Give feedback.
-
Currently, ExtPay uses standard storage. This makes it easy to hack if someone understands the mechanism. If you could support Plasmo's Secure Storage, it would be encrypted and much harder to hack.
https://docs.plasmo.com/framework/storage#secure-storage
Beta Was this translation helpful? Give feedback.
All reactions