WebAPI/Security/NetworkInfo: Difference between revisions

no edit summary
No edit summary
No edit summary
Line 1: Line 1:
Name of API: Network Information API Sec
==Network Information API ==


References:
Brief purpose of API: Allow content to understand if current network connectivity is metered in order to allow apps to limit consumption.  
*https://bugzilla.mozilla.org/show_bug.cgi?id=677166
*https://wiki.mozilla.org/WebAPI/NetworkAPI
*http://groups.google.com/group/mozilla.dev.webapi/browse_thread/thread/464d2a5ca3ed0e05/68e2de5b987f28d9


Brief purpose of API: Allow content to understand if current network connectivity is metered in order to allow apps to limit consumption
API Endpoint: navigator.connection.*


General Use Cases:  
General Use Cases:  
Line 14: Line 11:
Inherent threats: Privacy (de-anonymize users based on connection change
Inherent threats: Privacy (de-anonymize users based on connection change
events?)
events?)
References:
*https://bugzilla.mozilla.org/show_bug.cgi?id=677166
*https://wiki.mozilla.org/WebAPI/NetworkAPI
*http://groups.google.com/group/mozilla.dev.webapi/browse_thread/thread/464d2a5ca3ed0e05/68e2de5b987f28d9


Threat severity: Low
Threat severity: Low


== Regular web content (unauthenticated) ==
=== Permissions Table===
Use cases for unauthenticated code: Read current bandwidth estimate or
ask if connection is metered
 
Authorization model for normal content: Implicit
 
Authorization model for installed content: Implicit
 
Potential mitigations: Maybe fuzz the exact time of the network change
event in a similar manner to idle API.
 
== Privileged (approved by app store) ==
Use cases for privileged code: As above
 
Authorization model: As above
 
Potential  mitigations: As above
 
== Certified (system-critical apps) ==
Use cases for certified code: As above
 
Authorization model: As above


Potential mitigations: As above
{| border="1" class="wikitable"
! Type
! Use Cases
! Authorization Model
! Notes & Other Controls
|-
| Web Content || As per general use cases above. || No permission required
|-
| Installed Web Apps || As per general use cases above. || No permission required
|-
| Privileged Web Apps || As per general use cases above. || No permission required
|-
| Certified Web Apps || As per general use cases above. || No permission required
|}
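Review bot: the permissions table declares four header columns (Type, Use Cases, Authorization Model, Notes & Other Controls), but every row supplies only three cells, so the "Notes & Other Controls" column is empty for all four app types. If the table is meant to stand in for the per-tier sections shown above it, the one concrete control on the page, "Maybe fuzz the exact time of the network change event in a similar manner to idle API", has no counterpart in the table. I suggest carrying it into the Notes column of each row, or at least the Web Content row, so the stated privacy threat (de-anonymizing users based on connection change events) still has a mitigation recorded next to the "No permission required" authorization model.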