You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cordova.apache.org by "Joe Bowser (JIRA)" <ji...@apache.org> on 2012/09/19 01:40:07 UTC
[jira] [Resolved] (CB-1113) Add Verification to Proposed PluginSpec
[ https://issues.apache.org/jira/browse/CB-1113?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Joe Bowser resolved CB-1113.
----------------------------
Resolution: Fixed
There's no such thing as a malicious plugin, because it's up to the dev to read the plugin code before inserting it.
> Add Verification to Proposed PluginSpec
> ---------------------------------------
>
> Key: CB-1113
> URL: https://issues.apache.org/jira/browse/CB-1113
> Project: Apache Cordova
> Issue Type: Bug
> Components: Android, Bada, BlackBerry, iOS, webOS, WP7
> Reporter: Joe Bowser
> Assignee: Joe Bowser
> Priority: Critical
>
> Here's a major problem with plugins. Right now we have no way to specify to our users which plugins work and which plugins are harmful. We have CB-1062 which could be a very powerful feature, but I'm not going to turn it on because we could change how plugins work with this feature so that data is stolen.
> We need to have some verification mechanism so that we can prevent a malicious plugin from being used by an unsuspecting user. I know that they could read the Java code, but given that our users don't read Obj-C or Java code, this could really hurt them badly.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira