Security/FirefoxOperations: Difference between revisions

Line 97: Line 97:
   * For Python applications, enable pyup security updates:
   * For Python applications, enable pyup security updates:
     * Add a pyup config to your repo (example config: https://github.com/mozilla-services/antenna/blob/master/.pyup.yml)
     * Add a pyup config to your repo (example config: https://github.com/mozilla-services/antenna/blob/master/.pyup.yml)
     * Add https://github.com/mozsvcpyup as a collaborator to your repo
     * Add the "Approved Mozilla PyUp Configuration" team (e.g. for [mozilla](https://github.com/orgs/mozilla/teams/approved-mozilla-pyup-configuration) and [mozilla-services](https://github.com/orgs/mozilla-services/teams/approved-mozilla-pyup-configuration)) as a collaborator to your repo
     * Notify secops@mozilla.com to enable the integration in pyup
     * Notify secops@mozilla.com to enable the integration in pyup
     * Consider using ``pip list --outdated`` or [requires.io](https://requires.io/) too
     * Consider using ``pip list --outdated`` or [requires.io](https://requires.io/) too
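Review bot: the replacement of the "Add https://github.com/mozsvcpyup as a collaborator" step with the "Approved Mozilla PyUp Configuration" team step leaves no migration guidance for repos that already followed the old instruction; add a line telling maintainers to remove the individual mozsvcpyup collaborator once the team has been added, so the bot account does not keep repo access through two paths. It would also help to state that the team link to use depends on which org (mozilla or mozilla-services) hosts the repo, since the sentence lists both.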
Line 149: Line 149:
   * Keys used to sign sessions don't need a rotation mechanism if destroying all sessions is acceptable in case of emergency.
   * Keys used to sign sessions don't need a rotation mechanism if destroying all sessions is acceptable in case of emergency.
* [ ] Do not proxy requests from users without strong limitations and filtering (see [Pocket UserData vulnerability](https://www.gnu.gl/blog/Posts/multiple-vulnerabilities-in-pocket/)). Don't proxy requests to [link local, loopback, or private networks](https://en.wikipedia.org/wiki/Reserved_IP_addresses#IPv4) or DNS that resolves to addresses in those ranges (i.e. 169.254.0.0/16, 127.0.0.0/8, 10.0.0.0/8, 100.64.0.0/10, 172.16.0.0/12, 192.168.0.0/16, 198.18.0.0/15).
* [ ] Do not proxy requests from users without strong limitations and filtering (see [Pocket UserData vulnerability](https://www.gnu.gl/blog/Posts/multiple-vulnerabilities-in-pocket/)). Don't proxy requests to [link local, loopback, or private networks](https://en.wikipedia.org/wiki/Reserved_IP_addresses#IPv4) or DNS that resolves to addresses in those ranges (i.e. 169.254.0.0/16, 127.0.0.0/8, 10.0.0.0/8, 100.64.0.0/10, 172.16.0.0/12, 192.168.0.0/16, 198.18.0.0/15).
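Review bot: the reserved-range list in the proxying item is IPv4-only (the link target is the IPv4 section and every CIDR given is IPv4), so a filter built from it would still allow ::1, fe80::/10 and fc00::/7 destinations, as well as IPv4-mapped IPv6 forms of the listed ranges; list the IPv6 equivalents alongside. The "DNS that resolves to addresses in those ranges" wording should also say that the check must be applied to the address actually connected to (resolve once, validate, then connect to that address) rather than a separate lookup, otherwise a second resolution can return a different answer.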