Hello community members, I have a silly question to ask.
Can we really trust external plugins which are sold by 3rd party developers, like Monkeybread software etc?
Can these Plugins may have malicious code within it?
I am looking for a chart control wherein I want to present certain information with graphs within a desktop application.
Any guidance and advice in this regard will be helpful.
Thanks
Well you can always use a HTMLViewer to show a html based chart if you don’t trust plugins.
Since the plugins are backed by a plugin developer (company mostly) you should be able to trust. But any code could be inside, i can’t see in it…
Just to say, i use the MBS plugins myself. So i trust them…
3 Likes
Our plugins regularly are checked with Apple’s notarization services, virus and malware checks. They are secure.
Thousands of clients use them for projects including big cooperate and government customers. We have no problems there in that direction.
8 Likes
Hi Sarvesh!
This question has come up in the past, and the answer I usually give people is:
Yes, you can trust Christian.
That said, these sort of doubts are one of the reasons why I provide source code to my products now, and haven’t sold encrypted classes in over a decade. You don’t have to trust that I’m not doing something shady if you can see the code.
This is a bit more difficult for those who develop and distribute plugins, but the big names in plugins have been around forever and have proven trustworthy by virtue of the sheer number of people who use their products without issue. When in doubt, I’d encourage you to ask for the experiences of others here in relation to a specific third-party developer or a specific product.
5 Likes
Let us know if you have any specific questions about the plugin.
e.g. the ChartDirector plugin doesn’t include any networking code.
4 Likes
@Sarvesh_Ambekar and that’s the reason why I prefer @Christian_Schmitz plugins over @Anthony_G_Cyphers GraffitiSuite. With Christian’s tools I don’t see his code and I feel better :-). Looking at Antony’s code I feel like an absolute beginner with all the magic he is doing there (which I often can’t understand) 
and I’m sure it would be at least the same if I could see the magic (and work) behind MBS, Einhugur, etc. …
More seriously: I’m using both for years, and the brilliant tools from Einhugur (@Björn_EirĂksson). All three gentlemen are very helpful and have excellent customer support. I don’t see any risks with their plugins.
You’re raising a valid question. But they could only do real main harm if those tools would send information “back home”. And that’s something you and others can test with i.e. sniffers etc. I’m sure that some paranoid people (especially in the business and government area have done that in the past).
I believe the business of Xojo Plugins is such a niche business, that no one can afford to do crazy stuff because it would instantly jeopardize their business model. Again, I’m very happy with their products, not so much how Xojo is handling plugins (but this is on the roadmap to change … sad news: for quite a while now ).
4 Likes
Hello, the only thing really helps is scanning everything with a FOSS-tool and check all security related websites and forums.
BTW, you could ask also the same questions for all runtimes / libs,…you ship with your code… , or the things which where installed by your customers.
BR Rainer
2 Likes
I have been using Christian’s MBS and Björn’s Einhugur plugins since the year of 2003. Both are great, they are a must for serious work. And they are hundred percent safe and secure, you can fully trust them.
7 Likes
Monkeybread software (MBS) Plugins are the gold standard, nothing to worry about and worth every cent in my opinion. Using them for years.
6 Likes
Same here. If Xojo doesn’t even want to look at your bug because it’s so obscure then Christian will have your back. Usually, within a couple of hours.
6 Likes
Thank you all.
I am grateful for your advice and guidance.
Best Regards,
Sarvesh Ambekar
1 Like
Christian and MonkeyBread™ have been around for decades. 100% trust him personally, and the plugins he produces. Plus he’s more active on these forums than anyone else in history. Love this man. 
6 Likes
Most plugin vendors post here and have been posting here for a long time. I haven’t seen a lot of new vendors pop up in recent years.
You can be assured if someone was a bad player and around for any length of time they’d be suitably tarred and feathered here.
1 Like