incubator-callback-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Joe Bowser (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (CB-1113) Add Verification to Proposed PluginSpec
Date Tue, 18 Sep 2012 23:40:07 GMT

     [ https://issues.apache.org/jira/browse/CB-1113?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Joe Bowser resolved CB-1113.
----------------------------

    Resolution: Fixed

There's no such thing as a malicious plugin, because it's up to the dev to read the plugin
code before inserting it.
                
> Add Verification to Proposed PluginSpec
> ---------------------------------------
>
>                 Key: CB-1113
>                 URL: https://issues.apache.org/jira/browse/CB-1113
>             Project: Apache Cordova
>          Issue Type: Bug
>          Components: Android, Bada, BlackBerry, iOS, webOS, WP7
>            Reporter: Joe Bowser
>            Assignee: Joe Bowser
>            Priority: Critical
>
> Here's a major problem with plugins.  Right now we have no way to specify to our users
which plugins work and which plugins are harmful.  We have CB-1062 which could be a very powerful
feature, but I'm not going to turn it on because we could change how plugins work with this
feature so that data is stolen.
> We need to have some verification mechanism so that we can prevent a malicious plugin
from being used by an unsuspecting user.  I know that they could read the Java code, but given
that our users don't read Obj-C or Java code, this could really hurt them badly.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message