Confirmed users
529
edits
Security/FirefoxOperations: Difference between revisions
Jump to navigation
Jump to search
no edit summary
No edit summary |
No edit summary |
||
| Line 141: | Line 141: | ||
* For more information about potential pitfalls see the [OWASP Session Management Cheet Sheet](https://www.owasp.org/index.php/Session_Management_Cheat_Sheet) | * For more information about potential pitfalls see the [OWASP Session Management Cheet Sheet](https://www.owasp.org/index.php/Session_Management_Cheat_Sheet) | ||
* [ ] Access Control should be via existing and well regarded frameworks. If you really do need to roll your own then contact the security team for a design and implementation review. | * [ ] Access Control should be via existing and well regarded frameworks. If you really do need to roll your own then contact the security team for a design and implementation review. | ||
* [ ] If you are building a core Firefox service, consider adding it to the list of restricted domains in the preference `extensions.webextensions.restrictedDomains`. This will prevent a malicious extension from being able to steal sensitive information from it, see [bug 1415644](https://bugzilla.mozilla.org/show_bug.cgi?id=1415644). | |||
Databases | Databases | ||