Labs/Weave/Sync Client Security Review: Difference between revisions
Revision as of 17:47, 10 February 2010
Overview
Synchronize your bookmarks, history, tabs and passwords wherever you go. Whether you use Firefox on your phone, laptop, or desktop, securely access all your data.
- Background links
  - https://mozillalabs.com/weave/
  - https://hg.mozilla.org/labs/weave/
  - https://addons.mozilla.org/en-US/firefox/addon/10868
Security and Privacy
- Is this feature a security feature? If it is, what security issues is it intended to resolve?
  - Securely sync data across browser profiles by encrypting the data and storing it on Weave servers
- What potential security issues in your feature have you already considered and addressed?
  - Data is encrypted so that it can only be unlocked with a passphrase that only the user knows
- Is system or subsystem security compromised in any way if your project's configuration files / prefs are corrupt or missing?
- Include a thorough description of the security assumptions, capabilities and any potential risks (possible attack points) being introduced by your project.
- How are transitions in/out of Private Browsing mode handled?
  - Sync is disabled during private browsing and is rescheduled on exit
Exported APIs
- Please provide a table of exported interfaces (APIs, ABIs, protocols, UI, etc.)
  - Firefox status bar: allows triggering sync and connect
  - Firefox pref pane: configure what data to sync to which account
  - Firefox tabs view: view and open tabs from other profiles in a menu
  - Fennec pref pane: connect and sync
  - Fennec tabs view: view and open tabs from content space
- Does it interoperate with a web service? How will it do so?
  - https://wiki.mozilla.org/Labs/Weave/API (storage and user APIs)
- Explain the significant file formats, names, syntax, and semantics.
  - JSON: local temporary storage (pending changes, items to fetch)
- Are the externally visible interfaces documented clearly enough for a non-Mozilla developer to use them successfully?
- Does it change any existing interfaces?
  - Extra data is stored using existing annotation interfaces
Module interactions
- What other modules are used (REQUIRES in the makefile, interfaces)?
  - NSS: WeaveCrypto
  - Places: Bookmarks/History
  - LoginManager: Passwords
  - FormHistory: autofill data
  - Browser/Sessionstore: Open tabs
  - Prefs: some preferences synced
Data
- What data is read or parsed by this feature?
  - Records from the server are stored as WBOs (Weave Basic Objects) whose encrypted JSON payloads are specific to the particular type of data synced
- What is the output of this feature?
  - Profile data recreated on another profile, e.g., bookmarks and history
- What storage formats are used?
  - JSON for talking to the server as well as for local caching
  - Prefs with simple values (int/bool/string) for basic local storage
Reliability
- What failure modes or decision points are presented to the user?
  - Account creation: username check, password/passphrase strength, captcha
  - Login: username/password/passphrase failures
  - Sync direction: choose to merge data, wipe local data, or wipe all other machines
  - Sync: depending on the type of failure, a notification either requires no action (the sync auto-retries) or presents actions (e.g., upgrade the add-on)
- Can its files be corrupted by failures? Does it clean up any locks/files after crashes?
  - Data that was in the middle of being downloaded may be lost, but it is refetched later when that data next updates
  - Data to be uploaded is cached on disk, keyed by GUID, so it persists across crashes and restarts
Configuration
- Can the end user configure settings, via a UI or about:config? Hidden prefs? Environment variables?
  - Pref pane controls what data gets synced and which account is logged in
  - about:config contains other prefs that the service uses, such as logging levels, when to sync, server URLs, and which prefs to sync
  - Password/passphrase are stored with the password manager
- Are there build options for developers? [#ifdefs, ac_add_options, etc.]
  - Packaging for the dev/AMO channels (sets the update URL)
  - Rebuilding the crypto library
- What ranges for the tunables are appropriate? How are they determined?
  - Sync intervals depend on the makeup of clients connected (desktop? mobile? how many?)
- What are its ongoing maintenance requirements (e.g. Web links, perishable data files)?
  - Update URLs / updated landing page
Relationships to other projects
- Are there related projects in the community?
  - If so, what is the proposal's relationship to their work? Do you depend on others' work, or vice-versa?
  - Are you updating, copying or changing functional areas maintained by other groups? How are you coordinating and communicating with them? Do they "approve" of what you propose?