cordova-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian LeRoux...@brian.io>
Subject Re: Whitelist defaults
Date Fri, 02 Nov 2012 07:27:44 GMT
I feel its a good feature for a release time but not so during development
time. So what ends up happening is the thing gets *, forgotten about, and
negates the usefulness.

I'm in favor of opening it up and using docs to guide how ppl should secure
their app for release/production.


On Thu, Nov 1, 2012 at 10:30 PM, Filip Maj <fil@adobe.com> wrote:

> Personally I think the whitelist is pretty useless...
>
> On 11/1/12 7:32 PM, "Ken Wallis" <kwallis@rim.com> wrote:
>
> >Not sure why the BlackBerry version white lists everything. We don't do
> >that in WebWorks ;)
> >
> >
> >
> >From: Steven Gill
> >To: dev@cordova.apache.org
> >Reply To: dev@cordova.apache.org
> >Re: Whitelist defaults
> >2012-11-01 10:30:42 PM
> >
> >
> >
> >+1 to point it out in the getting started guides.
> >On Nov 1, 2012 6:35 PM, "Marcel Kinard" wrote:
> >
> >> Also sounds like a good step/topic in the "getting started" guides.
> >>
> >> -- Marcel Kinard
> >>
> >> On 11/1/2012 8:36 PM, Dave Johnson wrote:
> >>
> >>> Yup agree it should whitelist nothing but it also needs to be very
> >>>clear
> >>> in
> >>> the log when we block a request that it's due to the whitelist.
> >>>
> >>> On Thursday, November 1, 2012, Shazron wrote:
> >>>
> >>> I concur with Kevin. It won't be much of a whitelist if no one uses it
> >>>> -- I
> >>>> would argue that if you set it to "*" by default, no dev will
> >>>>(usually)
> >>>> change that, especially if they don't know there is a whitelist in the
> >>>> first place.
> >>>>
> >>>>
> >>>> On Thu, Nov 1, 2012 at 4:48 PM, Kevin Hawkins <
> >>>> kevin.hawkins.cordova@gmail.**com > wrote:
> >>>>
> >>>> From a security perspective, I'm partial to the iOS (nothing) default,
> >>>>> recognizing of course that there are certain usability drawbacks
to
> >>>>>that
> >>>>> approach.
> >>>>>
> >>>>> On Thu, Nov 1, 2012 at 4:34 PM, Filip Maj >
> >>>>>
> >>>> wrote:
> >>>>
> >>>>> Quick q: how come Android + BB's whitelists by default whitelist
> >>>>>> everything (*), but iOS does the opposite (whitelist nothing)?
> >>>>>>
> >>>>>> I'd like to see this unified across all platforms we support.
> >>>>>>
> >>>>>>
> >>>>>>
> >>
> >
> >---------------------------------------------------------------------
> >This transmission (including any attachments) may contain confidential
> >information, privileged material (including material protected by the
> >solicitor-client or other applicable privileges), or constitute
> >non-public information. Any use of this information by anyone other than
> >the intended recipient is prohibited. If you have received this
> >transmission in error, please immediately reply to the sender and delete
> >this information from your system. Use, dissemination, distribution, or
> >reproduction of this transmission by unintended recipients is not
> >authorized and may be unlawful.
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message