cordova-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian LeRoux...@brian.io>
Subject Re: Whitelist defaults
Date Fri, 02 Nov 2012 16:44:14 GMT
The primary use case is the same one as the web: malicious 3rd party
scripts. The less plausible theory is John Resig decides to 'go rogue' and
take out the internet by publishing an evil jQuery to the edge. The more
realistic scenario is embedded advertising getting pwnd and now all our
customers contacts, photos, videos, and who-knows-what-else gets stolen
leaving you holding the bag.

The more I think about this the more I think the default should be * and
the functionality should be opt in with strong language in the
documentation recommending this as a part of securing the app for release.



On Fri, Nov 2, 2012 at 9:23 AM, Lorin Beer <lorin.beer.dev@gmail.com> wrote:

> >
> > I am with Fil, I never use it, and the first thing I do is * it.
>
>
> same here, and then I never think about the whitelist as a security
> solution again.
>
> +1 for covering data sanitization and security in docs
>
> What use cases are we enabling by having the whitelist?
>
>
> I'd be very interested to hear a solid use case as well. If none are
> forthcoming/obvious, I think this is good justification for opening it up
> as Brian suggests.
>
> On Fri, Nov 2, 2012 at 2:17 AM, Jesse <purplecabbage@gmail.com> wrote:
>
> > I am with Fil, I never use it, and the first thing I do is * it.
> >
> > I think it also gives developers the impression that they just load
> > arbitrary untrusted content into their apps, and the whitelist will
> > protect them.
> >
> > Untrusted content will always need to be sanitized, however, having
> > the whitelist even prevents use of the InAppBrowser ( formerly
> > ChildBrowser ) plugin for it's main use-case.
> > If I were to make a twitter client with cordova, I would have to * the
> > whitelist so I could load links without exiting, and I would still
> > have to sanitize the data ...
> >
> > What use cases are we enabling by having the whitelist?
> >
> >
> >
> >
> >
> > On Fri, Nov 2, 2012 at 12:27 AM, Brian LeRoux <b@brian.io> wrote:
> > > I feel its a good feature for a release time but not so during
> > development
> > > time. So what ends up happening is the thing gets *, forgotten about,
> and
> > > negates the usefulness.
> > >
> > > I'm in favor of opening it up and using docs to guide how ppl should
> > secure
> > > their app for release/production.
> > >
> > >
> > > On Thu, Nov 1, 2012 at 10:30 PM, Filip Maj <fil@adobe.com> wrote:
> > >
> > >> Personally I think the whitelist is pretty useless...
> > >>
> > >> On 11/1/12 7:32 PM, "Ken Wallis" <kwallis@rim.com> wrote:
> > >>
> > >> >Not sure why the BlackBerry version white lists everything. We don't
> do
> > >> >that in WebWorks ;)
> > >> >
> > >> >
> > >> >
> > >> >From: Steven Gill
> > >> >To: dev@cordova.apache.org
> > >> >Reply To: dev@cordova.apache.org
> > >> >Re: Whitelist defaults
> > >> >2012-11-01 10:30:42 PM
> > >> >
> > >> >
> > >> >
> > >> >+1 to point it out in the getting started guides.
> > >> >On Nov 1, 2012 6:35 PM, "Marcel Kinard" wrote:
> > >> >
> > >> >> Also sounds like a good step/topic in the "getting started" guides.
> > >> >>
> > >> >> -- Marcel Kinard
> > >> >>
> > >> >> On 11/1/2012 8:36 PM, Dave Johnson wrote:
> > >> >>
> > >> >>> Yup agree it should whitelist nothing but it also needs to
be very
> > >> >>>clear
> > >> >>> in
> > >> >>> the log when we block a request that it's due to the whitelist.
> > >> >>>
> > >> >>> On Thursday, November 1, 2012, Shazron wrote:
> > >> >>>
> > >> >>> I concur with Kevin. It won't be much of a whitelist if no
one
> uses
> > it
> > >> >>>> -- I
> > >> >>>> would argue that if you set it to "*" by default, no dev
will
> > >> >>>>(usually)
> > >> >>>> change that, especially if they don't know there is a
whitelist
> in
> > the
> > >> >>>> first place.
> > >> >>>>
> > >> >>>>
> > >> >>>> On Thu, Nov 1, 2012 at 4:48 PM, Kevin Hawkins <
> > >> >>>> kevin.hawkins.cordova@gmail.**com > wrote:
> > >> >>>>
> > >> >>>> From a security perspective, I'm partial to the iOS (nothing)
> > default,
> > >> >>>>> recognizing of course that there are certain usability
drawbacks
> > to
> > >> >>>>>that
> > >> >>>>> approach.
> > >> >>>>>
> > >> >>>>> On Thu, Nov 1, 2012 at 4:34 PM, Filip Maj >
> > >> >>>>>
> > >> >>>> wrote:
> > >> >>>>
> > >> >>>>> Quick q: how come Android + BB's whitelists by default
whitelist
> > >> >>>>>> everything (*), but iOS does the opposite (whitelist
nothing)?
> > >> >>>>>>
> > >> >>>>>> I'd like to see this unified across all platforms
we support.
> > >> >>>>>>
> > >> >>>>>>
> > >> >>>>>>
> > >> >>
> > >> >
> > >> >---------------------------------------------------------------------
> > >> >This transmission (including any attachments) may contain
> confidential
> > >> >information, privileged material (including material protected by the
> > >> >solicitor-client or other applicable privileges), or constitute
> > >> >non-public information. Any use of this information by anyone other
> > than
> > >> >the intended recipient is prohibited. If you have received this
> > >> >transmission in error, please immediately reply to the sender and
> > delete
> > >> >this information from your system. Use, dissemination, distribution,
> or
> > >> >reproduction of this transmission by unintended recipients is not
> > >> >authorized and may be unlawful.
> > >>
> > >>
> >
> >
> >
> > --
> > @purplecabbage
> > risingj.com
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message