Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

inside custom component

Web and WebWorks Development

New Contributor
Posts: 2
Registered: ‎05-12-2011
My Device: Bold
My Carrier: Verizon

Access URI Wildcard - Security Risk

What, if any, are the security implications of setting your application to have access uri="*" in the config.xml? I realize this means any domains that fall into the wildcard can't access the application API's - but is there any other issue this could cause from a security point of view? Thank you!
Posts: 60
Registered: ‎06-08-2011
My Device: n/a
My Carrier: n/a

Re: Access URI Wildcard - Security Risk

I know this thread is out of date. Did you ever get a response?

Posts: 856
Registered: ‎07-15-2008
My Device: Passport
My Carrier: Bell

Re: Access URI Wildcard - Security Risk

There is relatively little security risk here, as you can't expose the WebWorks apis to the wildcard. It's more of a design decision than a security one, as the question should be asked: "do you really need access to the entire internet in your app?". In some cases yes you definitely do. In other cases, you may be opening up your application to unpredictable sites which are not formatted or designed for the use you are putting them, and a resulting poor experience for your users.

Tim Windsor
Open Source Technical Lead