如何禁用PhoneGap API /功能? [英] How to disable PhoneGap APIs/functionality?
问题描述
有没有推荐的方法来移除对不需要的PhoneGap API的访问?
Is there a recommended way to remove access to unneeded PhoneGap APIs?
例如,我们的应用程序不需要访问联系人数据库。
For example our app does not need to access the contact database.
对于正常的网页,XSS漏洞被沙盒化以仅影响一个网站(浏览器防止对其他网站的任何传染)。使用PhoneGap应用程序,默认情况下,XSS漏洞可以访问联系人列表或PhoneGap API的任何其他部分。
With normal web pages, an XSS vulnerability is sandboxed to only affect one site (the browser prevents any contagion to other sites). With a PhoneGap application, by default, an XSS vulnerability can access the contacts list or any other part of the PhoneGap API.
我想避免Skype的情况, Skype中的可恶性允许攻击者复制其用户的通讯录: http://www.macnn.com/articles/11/09/20/users.address.books.could.be.copied/
I want to avoid the Skype situation where an XSS vunerability in Skype allowed an attacker to copy the address books of their users: http://www.macnn.com/articles/11/09/20/users.address.books.could.be.copied/
推荐答案
在您的应用程序中,在PhoneGap.plist / Plugins下,删除不需要的插件的所有行 - 这将从JavaScript中删除访问。
In your app, under PhoneGap.plist/Plugins, remove any rows for plugins that are not needed - this will remove access from JavaScript.
这篇关于如何禁用PhoneGap API /功能?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!