Yup agree it should whitelist nothing but it also needs to be very clear in the log when we block a request that it's due to the whitelist.
On Thursday, November 1, 2012, Shazron wrote: > I concur with Kevin. It won't be much of a whitelist if no one uses it -- I > would argue that if you set it to "*" by default, no dev will (usually) > change that, especially if they don't know there is a whitelist in the > first place. > > > On Thu, Nov 1, 2012 at 4:48 PM, Kevin Hawkins < > kevin.hawkins.cord...@gmail.com <javascript:;>> wrote: > > > From a security perspective, I'm partial to the iOS (nothing) default, > > recognizing of course that there are certain usability drawbacks to that > > approach. > > > > On Thu, Nov 1, 2012 at 4:34 PM, Filip Maj <f...@adobe.com <javascript:;>> > wrote: > > > > > Quick q: how come Android + BB's whitelists by default whitelist > > > everything (*), but iOS does the opposite (whitelist nothing)? > > > > > > I'd like to see this unified across all platforms we support. > > > > > > > > >
