incubator-callback-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Joe Bowser (JIRA)" <>
Subject [jira] [Resolved] (CB-1113) Add Verification to Proposed PluginSpec
Date Tue, 18 Sep 2012 23:40:07 GMT


Joe Bowser resolved CB-1113.

    Resolution: Fixed

There's no such thing as a malicious plugin, because it's up to the dev to read the plugin
code before inserting it.
> Add Verification to Proposed PluginSpec
> ---------------------------------------
>                 Key: CB-1113
>                 URL:
>             Project: Apache Cordova
>          Issue Type: Bug
>          Components: Android, Bada, BlackBerry, iOS, webOS, WP7
>            Reporter: Joe Bowser
>            Assignee: Joe Bowser
>            Priority: Critical
> Here's a major problem with plugins.  Right now we have no way to specify to our users
which plugins work and which plugins are harmful.  We have CB-1062 which could be a very powerful
feature, but I'm not going to turn it on because we could change how plugins work with this
feature so that data is stolen.
> We need to have some verification mechanism so that we can prevent a malicious plugin
from being used by an unsuspecting user.  I know that they could read the Java code, but given
that our users don't read Obj-C or Java code, this could really hurt them badly.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see:

View raw message