You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@cordova.apache.org by "Joe Bowser (JIRA)" <ji...@apache.org> on 2012/09/19 01:40:07 UTC

[jira] [Resolved] (CB-1113) Add Verification to Proposed PluginSpec

     [ https://issues.apache.org/jira/browse/CB-1113?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Joe Bowser resolved CB-1113.
----------------------------

    Resolution: Fixed

There's no such thing as a malicious plugin, because it's up to the dev to read the plugin code before inserting it.
                
> Add Verification to Proposed PluginSpec
> ---------------------------------------
>
>                 Key: CB-1113
>                 URL: https://issues.apache.org/jira/browse/CB-1113
>             Project: Apache Cordova
>          Issue Type: Bug
>          Components: Android, Bada, BlackBerry, iOS, webOS, WP7
>            Reporter: Joe Bowser
>            Assignee: Joe Bowser
>            Priority: Critical
>
> Here's a major problem with plugins.  Right now we have no way to specify to our users which plugins work and which plugins are harmful.  We have CB-1062 which could be a very powerful feature, but I'm not going to turn it on because we could change how plugins work with this feature so that data is stolen.
> We need to have some verification mechanism so that we can prevent a malicious plugin from being used by an unsuspecting user.  I know that they could read the Java code, but given that our users don't read Obj-C or Java code, this could really hurt them badly.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira