383
edits
Firefox/Projects/AccountManager/SecurityReview: Difference between revisions
Jump to navigation
Jump to search
Firefox/Projects/AccountManager/SecurityReview (view source)
Revision as of 22:17, 31 August 2010
, 31 August 2010→Security and Privacy
(→Data) |
|||
| Line 22: | Line 22: | ||
== Security and Privacy == | == Security and Privacy == | ||
* Is this feature a security feature? If it is, what security issues is it intended to resolve? | * ''Is this feature a security feature? If it is, what security issues is it intended to resolve?'' | ||
It's not a security feature ''per se'', but it does have strong ties to security. Account Manager is intended to abstract out how sites deal with authentication, and in so doing make it possible for authentication components to be swapped in later (as opposed to the status quo of being married to web forms). | It's not a security feature ''per se'', but it does have strong ties to security. Account Manager is intended to abstract out how sites deal with authentication, and in so doing make it possible for authentication components to be swapped in later (as opposed to the status quo of being married to web forms). | ||
* What potential security issues in your feature have you already considered and addressed? | * ''What potential security issues in your feature have you already considered and addressed?'' | ||
Please see the [https://wiki.mozilla.org/Labs/Weave/Identity/Account_Manager/Spec/Latest#Security_Considerations Security Considerations] section of the Account Manager specification. | Please see the [https://wiki.mozilla.org/Labs/Weave/Identity/Account_Manager/Spec/Latest#Security_Considerations Security Considerations] section of the Account Manager specification. | ||
* Is system or subsystem security compromised in any way if your project's configuration files / prefs are corrupt or missing? | * ''Is system or subsystem security compromised in any way if your project's configuration files / prefs are corrupt or missing?'' | ||
There are no preferences or configuration files. | There are no preferences or configuration files. | ||
* Include a thorough description of the security assumptions, capabilities and any potential risks (possible attack points) being introduced by your project. | * ''Include a thorough description of the security assumptions, capabilities and any potential risks (possible attack points) being introduced by your project.'' | ||
The [https://wiki.mozilla.org/Labs/Weave/Identity/Account_Manager/Spec/Latest#Security_Considerations Security Considerations] section of the specification contains possible attack vectors for the feature. | The [https://wiki.mozilla.org/Labs/Weave/Identity/Account_Manager/Spec/Latest#Security_Considerations Security Considerations] section of the specification contains possible attack vectors for the feature. | ||
* How are transitions in/out of Private Browsing mode handled? | * ''How are transitions in/out of Private Browsing mode handled?'' | ||
We don't do anything in particular right now. | We don't do anything in particular right now. | ||