Nightly build #594 for cordova has succeeded!

2018-01-06 Thread Apache Jenkins Server
Nightly build #594 for cordova has succeeded! The latest nightly has been published and you can try it out with 'npm i -g cordova@nightly' For details check build console at https://builds.apache.org/job/cordova-nightly/594/consoleFull - Jenkins for Apache Cordova

Cordova-plugin-file-transfer

2018-01-06 Thread Dan Field
So I'd like to update this plugin to more securely delete files than just calling file.delete - this could leave partial data in a recoverable state causing potential security concerns on Android. Any thoughts or objections?

Re: cordova-plugin-file-transfer

2018-01-06 Thread Dan Field
Well, actually, I'm becoming less convinced that overwriting the file would really improve security - the OS could end up writing the new data to a different location on the card, leaving the partially downloaded data anyway. Unless anyone has a better idea, I'm probably going to have to go back

Re: cordova-plugin-file-transfer

2018-01-06 Thread Dan Field
So I'm happy to do the implementation/create the issue/ do the PR. As much as I'd like to transition to using XHR, that causes some other issues internally for the project I'm workining on - the most pressing one currently is that we're required to support some older platforms that don't work

Re: cordova-plugin-file-transfer

2018-01-06 Thread julio cesar sanchez
Also, file-transfer plugin has been deprecated, so is less likely to get that change applied. Read more about the deprecating and the recommended transition at https://cordova.apache.org/blog/2017/10/18/from-filetransfer-to-xhr2.html. 2018-01-06 21:48 GMT+01:00 Simon MacDonald

Re: cordova-plugin-file-transfer

2018-01-06 Thread Simon MacDonald
Probably best to create an issue in JIRA and we love PR's. Simon Mac Donald http://simonmacdonald.com On Sat, Jan 6, 2018 at 2:21 PM, Dan Field wrote: > The Android version of this plugin makes calls to file.delete on abort() > and on a failed/partial download(). > > Any

cordova-plugin-file-transfer

2018-01-06 Thread Dan Field
The Android version of this plugin makes calls to file.delete on abort() and on a failed/partial download(). Any thoughts on updating this logic to first write garbage to the file before deleting it to make recovery of sensitive data more difficult? I'm getting complaints from my security team