I have a client who just landed a major job, and they've been asked by their client to run all user browsers in developer mode. This is intended to install an unsigned extension that allows access to shared documents through their portal. I'm pretty sure this is a terrible idea and highly risky, but I'm wondering if I'm being overly cautious. Any guidance on this situation?
5 Answers
You've got a point—keywords like 'dev mode' and 'unsigned extension' definitely raise red flags. This setup could open up serious security vulnerabilities, and it's not common practice to run browsers that way for this purpose.
Honestly, we don't even allow signed extensions for security reasons, so let alone an unsigned one. It's worth questioning why a document portal would require a setup like this in the first place. Reputable organizations shouldn't be doing things like that.
You're right, it's a bad idea. In Chromium-based browsers, extensions are generally disabled in developer mode by default, which raises more issues. Even if you manage to enable them, you'll get constant warnings about security risks. It's just not worth it.
Present your client with all the risks and consequences involved. Make sure they understand what they’re getting into before moving forward with this request.
It's definitely unreasonable to request that. I suggest asking the client why the extension isn't signed and properly distributed. It's usually not hard to get that sorted out, and a good developer should be able to handle it without resorting to risky measures.
Exactly! It's crucial to stick with safe browsing practices, especially in a work environment.