canmove, Confirmed users, Bureaucrats and Sysops emeriti
2,776
edits
Security/Reviews/Firefox7/ReviewNotes/AcctProvis: Difference between revisions
Security/Reviews/Firefox7/ReviewNotes/AcctProvis (view source)
Revision as of 19:11, 19 August 2011
, 19 August 2011→Threat Brainstorming (30-40 minutes)
| Line 27: | Line 27: | ||
*** We use these as default values in the provisioning form. | *** We use these as default values in the provisioning form. | ||
== Threat Brainstorming | == Threat Brainstorming == | ||
* Do we worry about the providers being hacked, and returning bad data to the Mozilla Messaging server? | * Do we worry about the providers being hacked, and returning bad data to the Mozilla Messaging server? | ||
** Possible but a threat that is not being handled now | ** Possible but a threat that is not being handled now | ||
| Line 36: | Line 36: | ||
* Do we need to delete cookies generated during the browsing when signing up for an account? | * Do we need to delete cookies generated during the browsing when signing up for an account? | ||
** Should we use private browsing mode, so that stuff gets removed when we're done? | ** Should we use private browsing mode, so that stuff gets removed when we're done? | ||
== Conclusions / Action Items (10-20 minutes) == | == Conclusions / Action Items (10-20 minutes) == | ||
*[bwinton] Document the assumption that all communication between all parties in this feature is done over secure channels (HTTPS/IMAPS/SMTPS), as the security review has assumed this. | *[bwinton] Document the assumption that all communication between all parties in this feature is done over secure channels (HTTPS/IMAPS/SMTPS), as the security review has assumed this. | ||