WebAPI/Security/OpenWebApp: Difference between revisions

(Created page with "Name of API: Open Web App API Reference: https://developer.mozilla.org/en/OpenWebApps/The_JavaScript_API Security Discussion: https://groups.google.com/group/mozilla.dev.webapp...")
 
Line 33: Line 33:
*A "dashboard" can monitor the state of logged in applications
*A "dashboard" can monitor the state of logged in applications


Authorization model: Implicit, except Remove App is Explicit (OS Mediated)
Authorization model:  
*Explicit for Install, Launch and Remove Apps (OS Mediated)
*Implicit for non-state changing operations related to querying about their own state


Potential mitigations:
Potential mitigations:
* uninstall() is a method of the application object itself. Since you can only get apps that you installed from (using getInstalled()) or yourself (using getSelf()) this mitigates the risks. [fabrice]
* uninstall() is a method of the application object itself. Since you can only get apps that you installed from (using getInstalled()) or yourself (using getSelf()) this mitigates the risks. [Fabrice] I don't think that a user expects one app to be able to silently uninstall another app just because it initiated the install in the first place.[Lucas]


== Certified (vouched for by trusted 3rd party) ==
== Certified (vouched for by trusted 3rd party) ==
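Review bot: In the revised "Potential mitigations" item, Lucas's objection is appended to Fabrice's mitigation inside the same bullet, so one list item now both asserts the mitigation and disputes it. Put the objection in its own item so the open question stays visible. The revised authorization model lists Remove as Explicit (OS Mediated), and the page should say whether that prompt applies to uninstall() calls on apps returned by getInstalled(), since that decides whether the "silently uninstall" concern still holds. The new "Implicit for non-state changing operations" bullet would also be easier to audit if it named the calls it covers, such as getSelf().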