• caglararli@hotmail.com
  • 05386281520

How trustful are KeePass plugins?

Çağlar Arlı      -    18 Views

How trustful are KeePass plugins?

KeePass is great, I love it but after several years using it, sometimes I wish to install a plugin but I don't because I'm scared of what this plugin can really do without my consent.

The documentation about plugin development is really short. I downloaded and compiled the source code but I don't understand where is the API list of functions plugins have access to.

As said in the documentation, the PLGX format is a "not yet compiled" format

Instead of compiling your plugin to a DLL assembly, the plugin source code files can be packed into a PLGX file and KeePass will compile the plugin itself when loading it

So it should be possible to read these files. How to do this?

Let's take the example of Favicon downloader or even Password counter. These 2 plugins clearly show that they both have access to internet and my passwords. So how can I be sure they don't steal them? I mean they could just send all my information to a server and I'd never know it.

So if there is no way for me to read the PLGX files, the only way to ensure an optimum security is to develop my own plugins by myself?