WebAPI/Security/Wifi: Difference between revisions

From MozillaWiki
Jump to navigation Jump to search
(Had the wrong page in here (bluetooth))
No edit summary
 
(2 intermediate revisions by 2 users not shown)
Line 1: Line 1:
Name of API: Wifi API
==  Wifi API ==
Reference: http://groups.google.com/group/mozilla.dev.webapi/browse_thread/thread/ed980c42261c5f4a?pli=1
Brief purpose of API: Read wifi network information (read-only). All network changes should go through settings API.


Brief purpose of API: Read wifi network information (read-only).  All network changes should go through settings API.
General Use Cases: None
General Use Cases: None


Inherent threats: Privacy(identify user, geolocation, based on wifi characteristics)
Inherent threats: Privacy (identify user, geolocation, based on wifi characteristics)


Threat severity: Moderate
Threat severity: Moderate


== Regular web content (unauthenticated) ==
{| border="1" class="wikitable"
*Use cases for unauthenticated code:None
! Type
*Authorization model for normal content:
! Use Cases
*Authorization model for installed content:
! Authorization Model
*Potential mitigations:
! Notes & Other Controls
 
|-
== Trusted (authenticated by publisher) ==
| Web Content || None || No access ||
*Use cases for authenticated code:
|-
** Wifi sniffer app
| Installed Web Apps || None || No access ||
*Use cases for trusted code: Explicit
|-
*Potential  mitigations:
| Privileged Web Apps || Wifi sniffer app || Explicit ||
|-
| Certified Web Apps || Wifi Manager || Implicit ||
|}


== Certified (vouched for by trusted 3rd party) ==
[[Category:Web APIs]]
*Use cases for certified code: Wifi Manager
[[Category:Security]]
*Authorization model: Implicit
*Potential mitigations:

Latest revision as of 23:43, 1 October 2014

Wifi API

Brief purpose of API: Read wifi network information (read-only). All network changes should go through settings API.

General Use Cases: None

Inherent threats: Privacy (identify user, geolocation, based on wifi characteristics)

Threat severity: Moderate

Type Use Cases Authorization Model Notes & Other Controls
Web Content None No access
Installed Web Apps None No access
Privileged Web Apps Wifi sniffer app Explicit
Certified Web Apps Wifi Manager Implicit
Retrieved from "https://wiki.allizom.org/index.php?title=WebAPI/Security/Wifi&oldid=1021355"