[
https://issues.apache.org/jira/browse/CB-1113?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Joe Bowser resolved CB-1113.
----------------------------
Resolution: Fixed
There's no such thing as a malicious plugin, because it's up to the dev to read
the plugin code before inserting it.
> Add Verification to Proposed PluginSpec
> ---------------------------------------
>
> Key: CB-1113
> URL: https://issues.apache.org/jira/browse/CB-1113
> Project: Apache Cordova
> Issue Type: Bug
> Components: Android, Bada, BlackBerry, iOS, webOS, WP7
> Reporter: Joe Bowser
> Assignee: Joe Bowser
> Priority: Critical
>
> Here's a major problem with plugins. Right now we have no way to specify to
> our users which plugins work and which plugins are harmful. We have CB-1062
> which could be a very powerful feature, but I'm not going to turn it on
> because we could change how plugins work with this feature so that data is
> stolen.
> We need to have some verification mechanism so that we can prevent a
> malicious plugin from being used by an unsuspecting user. I know that they
> could read the Java code, but given that our users don't read Obj-C or Java
> code, this could really hurt them badly.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
