Security/Reviews/AppStore: Difference between revisions

Line 131: Line 131:
| 1||Compromise Paypal API Key||The Paypal API key is used for communication with paypal and identifies Mozilla.  If this key is leaked, it is possible to impersonate Mozilla to Paypal.||Separation of payment systems from the rest of AMO.  Incident response process to include communication with payal to disable API key.  Proper CEF logging key.||Skilled Attacker||12||3||4 – Reputation||
| 1||Compromise Paypal API Key||The Paypal API key is used for communication with paypal and identifies Mozilla.  If this key is leaked, it is possible to impersonate Mozilla to Paypal.||Separation of payment systems from the rest of AMO.  Incident response process to include communication with payal to disable API key.  Proper CEF logging key.||Skilled Attacker||12||3||4 – Reputation||
|-
|-
| 2||Compromise Paypal API Key||The Paypal API key is used for communication with paypal and identifies Mozilla.  If this key is leaked, it is possible to impersonate Mozilla to Paypal.||Separation of payment systems from the rest of AMO.  Incident response process to include communication with payal to disable API key.  Proper CEF logging key.||Skilled Attacker||12||3||4 – Reputation||
| 2||Compromise AMO database||Currently, customer's paypal information resides in the AMO database.  If the AMO database is compromised this would include paypal information.||Separation of payment data from the rest of AMO.  Incident response process to include communication with payal to disable pre-auth keys.  Proper CEF logging key.||Skilled Attacker||12||3||4 – Reputation||for an actual compromise, this would require the paypal API key as well.
|-
|-
|}
|}
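Review bot: The new row 2 (Compromise AMO database) keeps row 1's scores (12, 3, 4) unchanged even though its notes column says an actual compromise would also require the Paypal API key. That dependency should either lower the likelihood score or be stated as the reason the score stays the same. The mitigation cell also still ends with "Proper CEF logging key.", which looks carried over from the API key row. For this threat, say what is actually logged, for example access to the stored Paypal data. The spelling "payal" is copied into the new row as well and should read "paypal".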