I feel its a good feature for a release time but not so during development time. So what ends up happening is the thing gets *, forgotten about, and negates the usefulness.
I'm in favor of opening it up and using docs to guide how ppl should secure their app for release/production. On Thu, Nov 1, 2012 at 10:30 PM, Filip Maj <f...@adobe.com> wrote: > Personally I think the whitelist is pretty useless... > > On 11/1/12 7:32 PM, "Ken Wallis" <kwal...@rim.com> wrote: > > >Not sure why the BlackBerry version white lists everything. We don't do > >that in WebWorks ;) > > > > > > > >From: Steven Gill > >To: dev@cordova.apache.org > >Reply To: dev@cordova.apache.org > >Re: Whitelist defaults > >2012-11-01 10:30:42 PM > > > > > > > >+1 to point it out in the getting started guides. > >On Nov 1, 2012 6:35 PM, "Marcel Kinard" wrote: > > > >> Also sounds like a good step/topic in the "getting started" guides. > >> > >> -- Marcel Kinard > >> > >> On 11/1/2012 8:36 PM, Dave Johnson wrote: > >> > >>> Yup agree it should whitelist nothing but it also needs to be very > >>>clear > >>> in > >>> the log when we block a request that it's due to the whitelist. > >>> > >>> On Thursday, November 1, 2012, Shazron wrote: > >>> > >>> I concur with Kevin. It won't be much of a whitelist if no one uses it > >>>> -- I > >>>> would argue that if you set it to "*" by default, no dev will > >>>>(usually) > >>>> change that, especially if they don't know there is a whitelist in the > >>>> first place. > >>>> > >>>> > >>>> On Thu, Nov 1, 2012 at 4:48 PM, Kevin Hawkins < > >>>> kevin.hawkins.cordova@gmail.**com > wrote: > >>>> > >>>> From a security perspective, I'm partial to the iOS (nothing) default, > >>>>> recognizing of course that there are certain usability drawbacks to > >>>>>that > >>>>> approach. > >>>>> > >>>>> On Thu, Nov 1, 2012 at 4:34 PM, Filip Maj > > >>>>> > >>>> wrote: > >>>> > >>>>> Quick q: how come Android + BB's whitelists by default whitelist > >>>>>> everything (*), but iOS does the opposite (whitelist nothing)? > >>>>>> > >>>>>> I'd like to see this unified across all platforms we support. > >>>>>> > >>>>>> > >>>>>> > >> > > > >--------------------------------------------------------------------- > >This transmission (including any attachments) may contain confidential > >information, privileged material (including material protected by the > >solicitor-client or other applicable privileges), or constitute > >non-public information. Any use of this information by anyone other than > >the intended recipient is prohibited. If you have received this > >transmission in error, please immediately reply to the sender and delete > >this information from your system. Use, dissemination, distribution, or > >reproduction of this transmission by unintended recipients is not > >authorized and may be unlawful. > >
