Nightly build #594 for cordova has succeeded!
The latest nightly has been published and you can try it out with 'npm i -g
cordova@nightly'
For details check build console at
https://builds.apache.org/job/cordova-nightly/594/consoleFull
-
Jenkins for Apache Cordova
So I'd like to update this plugin to more securely delete files than just
calling file.delete - this could leave partial data in a recoverable state
causing potential security concerns on Android.
Any thoughts or objections?
Well, actually, I'm becoming less convinced that overwriting the file would
really improve security - the OS could end up writing the new data to a
different location on the card, leaving the partially downloaded data
anyway.
Unless anyone has a better idea, I'm probably going to have to go back
So I'm happy to do the implementation/create the issue/ do the PR.
As much as I'd like to transition to using XHR, that causes some other
issues internally for the project I'm working on - the most pressing one
currently is that we're required to support some older platforms that don't
work
Also, file-transfer plugin has been deprecated, so is less likely to get
that change applied. Read more about the deprecation and the recommended
transition at
https://cordova.apache.org/blog/2017/10/18/from-filetransfer-to-xhr2.html.
2018-01-06 21:48 GMT+01:00 Simon MacDonald
Probably best to create an issue in JIRA and we love PRs.
Simon Mac Donald
http://simonmacdonald.com
On Sat, Jan 6, 2018 at 2:21 PM, Dan Field wrote:
> The Android version of this plugin makes calls to file.delete on abort()
> and on a failed/partial download().
>
> Any
The Android version of this plugin makes calls to file.delete on abort()
and on a failed/partial download().
Any thoughts on updating this logic to first write garbage to the file
before deleting it to make recovery of sensitive data more difficult? I'm
getting complaints from my security team
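
The overwrite-before-delete idea discussed in this thread, as an added example that is not part of any message here or of the plugin's code; the class and method names are hypothetical. As the thread itself points out, the OS may write the new data to a different location on the card, so this is best effort only.

```java
import java.io.File;
import java.io.IOException;
import java.io.RandomAccessFile;
import java.security.SecureRandom;

// Hypothetical helper, not the file-transfer plugin's API.
public final class OverwriteThenDelete {
    private static final int CHUNK = 8192;

    /**
     * Overwrites the file's current length with random bytes, asks the OS to
     * flush them to the storage device, then deletes the file.
     * Returns true if the file was deleted. Flash wear-levelling or a
     * copy-on-write filesystem can still leave the old blocks on the medium.
     */
    public static boolean overwriteAndDelete(File file) {
        if (!file.isFile()) {
            return false;
        }
        try (RandomAccessFile raf = new RandomAccessFile(file, "rw")) {
            long remaining = raf.length();
            byte[] buf = new byte[CHUNK];
            SecureRandom rng = new SecureRandom();
            raf.seek(0);
            while (remaining > 0) {
                int n = (int) Math.min(buf.length, remaining);
                rng.nextBytes(buf);
                raf.write(buf, 0, n);
                remaining -= n;
            }
            // Without sync() the overwrite may never leave the page cache
            // before delete() unlinks the file.
            raf.getFD().sync();
        } catch (IOException e) {
            // Overwrite failed (e.g. read-only file); still try to delete,
            // which is the behaviour the thread says the plugin has today.
        }
        return file.delete();
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample standing in for a partial download.
        File tmp = File.createTempFile("partial-download", ".bin");
        try (RandomAccessFile raf = new RandomAccessFile(tmp, "rw")) {
            raf.write("constructed sample payload".getBytes("UTF-8"));
        }
        System.out.println(overwriteAndDelete(tmp) && !tmp.exists());
    }
}
```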