WebAPI/Security/TCPSocket: Difference between revisions

WebAPI/Security/TCPSocket (view source)

Revision as of 12:15, 24 September 2012

152 bytes removed , 24 September 2012

no edit summary

Ptheriault

canmove, Confirmed users

1,220

edits

@@ Line 13: / Line 13: @@
 Threat severity: High
-== Regular web content (unauthenticated) ==
+=== Permissions Table===
-Use cases for unauthenticated code: None
-Authorization model for normal content: None
+{| border="1" class="wikitable"
+! Type
-Authorization model for installed content: None
+! Use Cases
+! Authorization Model
-Potential mitigations:N/A
+! Notes & Other Controls
+|-
-== Privileged (approved by app store) ==
+| Web Content || None|| No access
-Use cases: Talk to non-HTTP services.  SSH, FTP, mail clients, supporting custom protocols
+|-
+| Installed Web Apps || None || No access
-Authorization model: Implicit
+|-
+| Privileged Web Apps || Talk to non-HTTP services.  SSH, FTP, mail clients, supporting custom protocols || Implicit||
-Potential mitigations:
 *Firewall should prohibit access to privileged low number OS ports (<1024).
 *Listening on a port < 1024 should be prohibited.
-*Specify hosts/ports in the manifest, permissions granted implicitly. user can modify permissions?
+*Specify hosts/ports in the manifest, permissions granted implicitly.
+|-
-== Certified (system-critical apps) ==
+| Certified Web Apps || Open a connection to any domain/port || Implicit || specify hosts/ports in the manifest, permissions granted implicitly and not able to be revoked (unless device is in developer mode)
-Use cases: Open a connection to any domain/port
+|}
-Authorization model: Implicit
-Potential mitigations: specify hosts/ports in the manifest, permissions granted implicitly and not able to be revoked (unless device is in developer mode)

WebAPI/Security/TCPSocket: Difference between revisions

WebAPI/Security/TCPSocket (view source)

Revision as of 12:15, 24 September 2012

Navigation menu

Search