+1 to point it out in the getting started guides. On Nov 1, 2012 6:35 PM, "Marcel Kinard" <cmarc...@gmail.com> wrote:
> Also sounds like a good step/topic in the "getting started" guides. > > -- Marcel Kinard > > On 11/1/2012 8:36 PM, Dave Johnson wrote: > >> Yup agree it should whitelist nothing but it also needs to be very clear >> in >> the log when we block a request that it's due to the whitelist. >> >> On Thursday, November 1, 2012, Shazron wrote: >> >> I concur with Kevin. It won't be much of a whitelist if no one uses it >>> -- I >>> would argue that if you set it to "*" by default, no dev will (usually) >>> change that, especially if they don't know there is a whitelist in the >>> first place. >>> >>> >>> On Thu, Nov 1, 2012 at 4:48 PM, Kevin Hawkins < >>> kevin.hawkins.cordova@gmail.**com >>> <kevin.hawkins.cord...@gmail.com><javascript:;>> wrote: >>> >>> From a security perspective, I'm partial to the iOS (nothing) default, >>>> recognizing of course that there are certain usability drawbacks to that >>>> approach. >>>> >>>> On Thu, Nov 1, 2012 at 4:34 PM, Filip Maj <f...@adobe.com<javascript:;>> >>>> >>> wrote: >>> >>>> Quick q: how come Android + BB's whitelists by default whitelist >>>>> everything (*), but iOS does the opposite (whitelist nothing)? >>>>> >>>>> I'd like to see this unified across all platforms we support. >>>>> >>>>> >>>>> >
