Line 45: | Line 45: | ||
This mechanism ensures that the update manifest has been retrieved un-tampered from the url specified by the add-on. It should be noted though that this does not guarantee the update manifest came from the original add-on author since the domain name hosting the manifest may have changed hands. | This mechanism ensures that the update manifest has been retrieved un-tampered from the url specified by the add-on. It should be noted though that this does not guarantee the update manifest came from the original add-on author since the domain name hosting the manifest may have changed hands. | ||
Note that it is not enough for the update url to be specified as https, a check will be made that the certificate is valid and that the url at no point redirects to a non-secure url. | |||
=== Securing Update Manifests Through Digital Signatures === | === Securing Update Manifests Through Digital Signatures === |
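Review bot: the sentence starting "Note that it is not enough for the update url to be specified as https" is present in only one column of this hunk. If the edit drops it, the section no longer states the two conditions the preceding paragraph depends on when it says the manifest was "retrieved un-tampered": that the certificate is valid and that the url never redirects to a non-secure url. Suggest keeping the sentence. If it is being reworded instead, fix the comma splice, for example "Specifying an https update url is not enough on its own: the certificate must be valid and the url must at no point redirect to a non-secure url."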