You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@cordova.apache.org by "Joe Bowser (JIRA)" <ji...@apache.org> on 2012/07/24 19:03:36 UTC

[jira] [Created] (CB-1113) Add Verification to Proposed PluginSpec

Joe Bowser created CB-1113:
------------------------------

             Summary: Add Verification to Proposed PluginSpec
                 Key: CB-1113
                 URL: https://issues.apache.org/jira/browse/CB-1113
             Project: Apache Cordova
          Issue Type: Bug
          Components: Android, Bada, BlackBerry, iOS, webOS, WP7
            Reporter: Joe Bowser
            Assignee: Joe Bowser
            Priority: Critical


Here's a major problem with plugins.  Right now we have no way to specify to our users which plugins work and which plugins are harmful.  We have CB-1062 which could be a very powerful feature, but I'm not going to turn it on because we could change how plugins work with this feature so that data is stolen.

We need to have some verification mechanism so that we can prevent a malicious plugin from being used by an unsuspecting user.  I know that they could read the Java code, but given that our users don't read Obj-C or Java code, this could really hurt them badly.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Resolved] (CB-1113) Add Verification to Proposed PluginSpec

Posted by "Joe Bowser (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/CB-1113?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Joe Bowser resolved CB-1113.
----------------------------

    Resolution: Fixed

There's no such thing as a malicious plugin, because it's up to the dev to read the plugin code before inserting it.
                
> Add Verification to Proposed PluginSpec
> ---------------------------------------
>
>                 Key: CB-1113
>                 URL: https://issues.apache.org/jira/browse/CB-1113
>             Project: Apache Cordova
>          Issue Type: Bug
>          Components: Android, Bada, BlackBerry, iOS, webOS, WP7
>            Reporter: Joe Bowser
>            Assignee: Joe Bowser
>            Priority: Critical
>
> Here's a major problem with plugins.  Right now we have no way to specify to our users which plugins work and which plugins are harmful.  We have CB-1062 which could be a very powerful feature, but I'm not going to turn it on because we could change how plugins work with this feature so that data is stolen.
> We need to have some verification mechanism so that we can prevent a malicious plugin from being used by an unsuspecting user.  I know that they could read the Java code, but given that our users don't read Obj-C or Java code, this could really hurt them badly.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira