You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cordova.apache.org by "Joe Bowser (JIRA)" <ji...@apache.org> on 2012/07/24 19:03:36 UTC
[jira] [Created] (CB-1113) Add Verification to Proposed PluginSpec
Joe Bowser created CB-1113:
------------------------------
Summary: Add Verification to Proposed PluginSpec
Key: CB-1113
URL: https://issues.apache.org/jira/browse/CB-1113
Project: Apache Cordova
Issue Type: Bug
Components: Android, Bada, BlackBerry, iOS, webOS, WP7
Reporter: Joe Bowser
Assignee: Joe Bowser
Priority: Critical
Here's a major problem with plugins. Right now we have no way to specify to our users which plugins work and which plugins are harmful. We have CB-1062 which could be a very powerful feature, but I'm not going to turn it on because we could change how plugins work with this feature so that data is stolen.
We need to have some verification mechanism so that we can prevent a malicious plugin from being used by an unsuspecting user. I know that they could read the Java code, but given that our users don't read Obj-C or Java code, this could really hurt them badly.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Resolved] (CB-1113) Add Verification to Proposed PluginSpec
Posted by "Joe Bowser (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CB-1113?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Joe Bowser resolved CB-1113.
----------------------------
Resolution: Fixed
There's no such thing as a malicious plugin, because it's up to the dev to read the plugin code before inserting it.
> Add Verification to Proposed PluginSpec
> ---------------------------------------
>
> Key: CB-1113
> URL: https://issues.apache.org/jira/browse/CB-1113
> Project: Apache Cordova
> Issue Type: Bug
> Components: Android, Bada, BlackBerry, iOS, webOS, WP7
> Reporter: Joe Bowser
> Assignee: Joe Bowser
> Priority: Critical
>
> Here's a major problem with plugins. Right now we have no way to specify to our users which plugins work and which plugins are harmful. We have CB-1062 which could be a very powerful feature, but I'm not going to turn it on because we could change how plugins work with this feature so that data is stolen.
> We need to have some verification mechanism so that we can prevent a malicious plugin from being used by an unsuspecting user. I know that they could read the Java code, but given that our users don't read Obj-C or Java code, this could really hurt them badly.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira