You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@cordova.apache.org by GitBox <gi...@apache.org> on 2019/07/18 14:01:59 UTC

[GitHub] [cordova-android] A-AFTAHI opened a new issue #789: Unsecure functions

A-AFTAHI opened a new issue #789: Unsecure functions
URL: https://github.com/apache/cordova-android/issues/789
 
 
   # Bug Report
   Unsecure functions Use.
   ## Problem
   Hello, i was auditing the security of mobile app of a client, who is using Cordova framework within it's application. i noticed while testing the use of deprecated functions in term of security, and i wanted to kindly report and have a disscussion about this. 
   examples of functions : random() | HttpURLConnection() | setWebContentsDebuggingEnabled(true) | SetAllowUniversalAccessFromFileURLs(true)
   why you still using them?
   Do you think they are secure enough to be used?
   what about using SecureRandom(), HttpsURLConnection()...etc instead?
   ### What is expected to happen?
   
   
   
   ### What does actually happen?
   
   
   
   ## Information
   <!-- Include all relevant information that might help understand and reproduce the problem -->
   
   
   
   ### Command or Code
   <!-- What command or code is needed to reproduce the problem? -->
   
   
   
   ### Environment, Platform, Device
   <!-- In what environment, on what platform or on which device are you experiencing the issue? -->
   
   
   
   ### Version information
   <!-- 
   What are relevant versions you are using?
   For example:
   Cordova: Cordova CLI, Cordova Platforms, Cordova Plugins 
   Other Frameworks: Ionic Framework and CLI version
   Operating System, Android Studio, Xcode etc.
   -->
   
   
   
   ## Checklist
   <!-- Please check the boxes by putting an x in the [ ] like so: [x] -->
   
   - [ ] I searched for existing GitHub issues
   - [ ] I updated all Cordova tooling to most recent version
   - [ ] I included all the necessary information above
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cordova.apache.org
For additional commands, e-mail: commits-help@cordova.apache.org