383
edits
Labs/Weave/Sync Client Security Review: Difference between revisions
Jump to navigation
Jump to search
Labs/Weave/Sync Client Security Review (view source)
Revision as of 17:34, 10 February 2010
, 10 February 2010→Security and Privacy
| Line 9: | Line 9: | ||
== Security and Privacy == | == Security and Privacy == | ||
* Is this feature a security feature? If it is, what security issues is it intended to resolve? | * Is this feature a security feature? If it is, what security issues is it intended to resolve? | ||
** Securely sync data across browser profiles by encrypting and storing data on Weave servers | |||
* What potential security issues in your feature have you already considered and addressed? | * What potential security issues in your feature have you already considered and addressed? | ||
** Encrypting data that requires a passphrase that only the user knows to unlock | |||
* Is system or subsystem security compromised in any way if your project's configuration files / prefs are corrupt or missing? | * Is system or subsystem security compromised in any way if your project's configuration files / prefs are corrupt or missing? | ||
* Include a thorough description of the security assumptions, capabilities and any potential risks (possible attack points) being introduced by your project. | * Include a thorough description of the security assumptions, capabilities and any potential risks (possible attack points) being introduced by your project. | ||
* How are transitions in/out of Private Browsing mode handled? | * How are transitions in/out of Private Browsing mode handled? | ||
** Sync is disabled during private browsing and reschedules on exit | |||
== Exported APIs == | == Exported APIs == | ||