Return-Path: X-Original-To: apmail-cordova-dev-archive@www.apache.org Delivered-To: apmail-cordova-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 3D13310694 for ; Wed, 26 Aug 2015 14:59:55 +0000 (UTC) Received: (qmail 29942 invoked by uid 500); 26 Aug 2015 14:59:54 -0000 Delivered-To: apmail-cordova-dev-archive@cordova.apache.org Received: (qmail 29906 invoked by uid 500); 26 Aug 2015 14:59:54 -0000 Mailing-List: contact dev-help@cordova.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cordova.apache.org Delivered-To: mailing list dev@cordova.apache.org Received: (qmail 29884 invoked by uid 99); 26 Aug 2015 14:59:54 -0000 Received: from Unknown (HELO spamd3-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 26 Aug 2015 14:59:54 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id 17C47181BC3 for ; Wed, 26 Aug 2015 14:59:54 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 2.881 X-Spam-Level: ** X-Spam-Status: No, score=2.881 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, URIBL_BLOCKED=0.001] autolearn=disabled Authentication-Results: spamd3-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mx1-eu-west.apache.org ([10.40.0.8]) by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024) with ESMTP id FCkOyaZ5crzQ for ; Wed, 26 Aug 2015 14:59:48 +0000 (UTC) Received: from mail-pa0-f50.google.com (mail-pa0-f50.google.com [209.85.220.50]) by mx1-eu-west.apache.org (ASF Mail Server at mx1-eu-west.apache.org) with ESMTPS id 75E902122D for ; Wed, 26 Aug 2015 14:59:47 +0000 (UTC) Received: by pacti10 with SMTP id ti10so90762269pac.0 for ; Wed, 26 Aug 2015 07:59:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=date:from:to:message-id:in-reply-to:references:subject:mime-version :content-type; bh=f+9jb7YuLRtcQeAPpkGsQQqy1OqiJXAmgS9PqavtmZY=; b=P3sfhZKrR5v9gJio9uqZIjExQjQZ6Ti6gLc4GT7Tlxh2/9UYedmFsRUdKU7dWZ8vr2 1fVN0RXP0tBOhZNiTny3qjVeMhjJCzGfLlbVqTGE2LGAbXY5HvuTmDOeq56JgO5yztEv L9rpuEqdbxeDZnQZStVG3qH8enitZSSdH85dYVcVAq9hDfigP3yorKE4FkuhPhv82qhU Y3Uxvw4Mi9rlDr2aDwHtm6/8rtue/Axd7cIdtgqT4hu1lsWMo56zIj+m7c+UiUd2ZCBq zCMEq5QHYuDwPuFv2tPfh3YzBijboV6JCEDD9mRaVVXRnqWdOt9tlV0jjTrQs3iLY2di yEZw== X-Received: by 10.68.139.226 with SMTP id rb2mr16483794pbb.49.1440601186092; Wed, 26 Aug 2015 07:59:46 -0700 (PDT) Received: from mail.outlook.com (ec2-54-186-253-189.us-west-2.compute.amazonaws.com. [54.186.253.189]) by smtp.gmail.com with ESMTPSA id ri9sm19959447pbc.4.2015.08.26.07.59.44 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Wed, 26 Aug 2015 07:59:44 -0700 (PDT) Date: Wed, 26 Aug 2015 14:59:44 +0000 (UTC) From: Kerri Shotts To: dev@cordova.apache.org Message-ID: <4C5A9BED1F66B9D1.9A0A16FB-49DF-40DB-9FCA-4C0932DBC1B5@mail.outlook.com> In-Reply-To: References: <85A3E123BABF314D9D3656D0B418125644952E44@FMSMSX103.amr.corp.intel.com> <85A3E123BABF314D9D3656D0B418125644952E8B@FMSMSX103.amr.corp.intel.com> <85A3E123BABF314D9D3656D0B4181256449BD187@FMSMSX102.amr.corp.intel.com> Subject: Re: [iOS] proposed major whitelist change MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_3077_1813486844.1440601184005" X-Mailer: Outlook for iOS and Android ------=_Part_3077_1813486844.1440601184005 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable +1; sounds like a good change to me! :) Kerri Shotts , photoKandy Studios LLC http://www.photokandy.com/ =E2=80=A2 @photokandy=20 =E2=86=92 CONFIDENTIAL =E2=86=90=20 This email and any attachments may be confidential. If you are not the inte= nded recipient, please let us know by replying to this message, and then re= move the message and its attachments from your system. You should not disse= minate, distribute, or otherwise copy or release the information contained = herein, nor can we accept any liability for any loss or damages resulting f= rom the use, abuse, or mis-use of the information contained herein. =E2=86=92 SECURITY =E2=86=90 Computer viruses can be distributed via email. It is the recipient=E2=80=99= s responsibility to check this email and any attachments for viruses. Email= transmission cannot be guaranteed to be secure or error-free as the email = could have been intercepted, corrupted, delayed, and/or re-transmitted. The= sender does not accept any liability for errors or omissions within this m= essage or its attachments, nor for any viruses which may be present. Note: We do our very best to ensure that nothing we send contains viruses. = However, because of the nature of email and the way it is sent, we can=E2= =80=99t promise that some other party hasn=E2=80=99t intercepted our email = and added malicious content. Due to the nature of email, we can=E2=80=99t a= ccept any liability for any damage or loss arising from the use, abuse, or = mis-use of this email and any of its attachments. =E2=86=92 PRIVACY =E2=86=90=20 Email is not a secure communications medium. When replying to this or any m= essage, you should not include any information that you do not want the ent= ire world to be capable of seeing. In other words, don=E2=80=99t send finan= cial accounts (CC#s, Bank Account #s, etc.), passwords, social security num= bers, or the like, even when asked directly. photoKandy Studios LLC will ne= ver ask you for this information. Information transmitted via email may be intercepted and retransmitted by a= ny number of other entities. This is the nature of email, and as such, we c= an=E2=80=99t be held liable for any loss or damage incurred by replying to = this message with compromising information. Review your message prior to se= nding it, and ensure that there is no information you wouldn=E2=80=99t be c= omfortable with the entire world knowing. On Wed, Aug 26, 2015 at 6:14 AM -0700, "Shazron" wrote: Any objections or further feedback? If not I will move on to what we seem to have consensus about: If there are no entries, then network requests are wide open (wildcard * default) and security is handled via CSP. We would recommend no entries to be used, users should use CSP. On Tue, Aug 11, 2015 at 7:01 PM, Shazron wrote: > > So, is the whitelist plugin network request list "*" with no=20 >> entries, or >> "*" because of the entry added to the default project? > > > "*" would be the default. So if there are no entries, it would be > added. If the default project had the wildcard, then no change > (since that is the default anyway). > > The old way you would need an explicit entry wildcard for > unrestricted native and web code access -- the new way is unrestricted > native code access (unless set explicitly), and CSP for web code access. > ------=_Part_3077_1813486844.1440601184005--