[aerogear-dev] cordova push plugin simplification

Wed Feb 26 05:39:57 EST 2014

On Wed, Feb 26, 2014 at 11:38 AM, Erik Jan de Wit <edewit at redhat.com> wrote:

>
> Now the Javascript can verify that the callback is a function because it's
>> no longer a string and the need for a separate successHandler is overrated
>> as you will either get messages or your errorHandler gets invoked.
>>
>
>
> I like the idea of passing in a function (instead of a string), for the
> notification handling.
>
> However, the successHandler was meant to give feedback if registration w/
> UPS was successful or not. Should we really remove that hook ?
>
>
> Well you still will get that feedback, errorHandler will be invoked when
> it wan't successful
>

:-) figured that out after I sent my first mail :)))

>
>
>
>> Till now all these changes can be made on the plugin, but we could take
>> it even further. Two things that are still platform dependent the senderId
>> and the variantID/secret. Now senderId is 'known' by UPS so why do we need
>> to specify it here? We could make senderId part of the response when
>> registering a device on UPS then the client doesn't need to specify it and
>> all configuration is in one place.
>>
>
> It's optional on UPS, as only really Android clients need it. And I think
> originally Luke just added the 'senderID' to UPS for having something handy
> (copy/paste usage).
>
> So, I am not sure on that one, as that means we now have to enforce
> Android Variants always get the senderID attribute. Could be done, yes, but
> I am not sure.
>
>
>
> Hmm, right it's optional then this maybe not the greatest idea
>
>
>> That leaves variantID/secret and that is the boldest proposal. How about
>> we make it possible to register for an application instead for a specific
>> variant? Then based on the meta information (deviceType, operatingSystem
>> and osVersion) we choose the right variant.
>>
>
> -1
>
> we should never 'deploy' the masterSecret and the applicationID on
> clients. If that information is stolen (easy on devices), you can start
> sending dirty assaults to ALL the devices for that application. Same w/ all
> the different providers like Parse, Stackmob etc: they all use a
> MasterKey/Password for the actual send. And they _highly_ recommend NOT
> applying that to the clients (it's easy to leak that information)
>
>
> Right didn't think about that, this together with the objections that
> Sebastien has makes this a definite no go.
>
>
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>

-- 
Matthias Wessendorf

blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-dev/attachments/20140226/e0779d51/attachment.html 