incubator-callback-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Simon MacDonald (Resolved) (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (CB-23) Remove App.addWhiteListEntry() since it allows runtime code to override build time settings
Date Thu, 01 Dec 2011 21:10:41 GMT

     [ https://issues.apache.org/jira/browse/CB-23?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Simon MacDonald resolved CB-23.
-------------------------------

    Resolution: Fixed

The code has been removed:

https://github.com/callback/callback-android/commit/e02322b66b7588e93433697493b1a4795e78227a
                
> Remove App.addWhiteListEntry() since it allows runtime code to override build time settings
> -------------------------------------------------------------------------------------------
>
>                 Key: CB-23
>                 URL: https://issues.apache.org/jira/browse/CB-23
>             Project: Apache Callback
>          Issue Type: Bug
>          Components: Android
>    Affects Versions: 1.1.0, 1.2.0
>            Reporter: Dave Charles Johnson
>            Assignee: Simon MacDonald
>             Fix For: 1.3.0
>
>
> This is probably a security problem since the whole idea of the whitelist is to prevent
runtime code from accessing a domain unless it's in the whitelist.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message