cordova-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dave Johnson <dave.c.john...@gmail.com>
Subject Re: Whitelist defaults
Date Fri, 02 Nov 2012 00:36:11 GMT
Yup agree it should whitelist nothing but it also needs to be very clear in
the log when we block a request that it's due to the whitelist.

On Thursday, November 1, 2012, Shazron wrote:

> I concur with Kevin. It won't be much of a whitelist if no one uses it -- I
> would argue that if you set it to "*" by default, no dev will (usually)
> change that, especially if they don't know there is a whitelist in the
> first place.
>
>
> On Thu, Nov 1, 2012 at 4:48 PM, Kevin Hawkins <
> kevin.hawkins.cordova@gmail.com <javascript:;>> wrote:
>
> > From a security perspective, I'm partial to the iOS (nothing) default,
> > recognizing of course that there are certain usability drawbacks to that
> > approach.
> >
> > On Thu, Nov 1, 2012 at 4:34 PM, Filip Maj <fil@adobe.com <javascript:;>>
> wrote:
> >
> > > Quick q: how come Android + BB's whitelists by default whitelist
> > > everything (*), but iOS does the opposite (whitelist nothing)?
> > >
> > > I'd like to see this unified across all platforms we support.
> > >
> > >
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message