Items to be reviewed:
Session Store Enhancements - https://wiki.mozilla.org/Fennec/Features/sessionstore
Agenda:
== Introduce Feature ==
=== Goal of Feature, what is trying to be achieved (problem solved, use cases, etc) ===
* Enhance Session Store for better performance and memory management and for a smoother user experience, e.g. faster restart on crash or after Android killed the process in the background. Pick up where user left off (e.g. after crash or when terminated in background), adding session history (currently: only save last URL), performance improvements.
* file permission to create files
** was world readable, have changed this on Android {{bug|650509}}
== Threat Brainstorming ==
* tracking of threats as to what platforms are affected
** with a divergent code base between desktop and mobile this could be more difficult to discern
* can a website purposely bloat this data to use up space
** with desktop possibly, on mobile no; 50 limit on session data and less is held
== Conclusions / Action Items ==
* {suggestion} Secteam should help write guidelines about default security settings for reading/writing files (e.g. file permissions, file locations, ensuring to limit websites' ability to DoS by creating excessive amounts of data, need to review exceptions to default recommended permissions.)
* This raises the need to do a review of e10s, especially the shared memory sections (bsmedberg, Chris Jones, Ollie)
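A sketch of the file-handling defaults the suggestion above asks for, added here as an example and not taken from the Fennec code base: the session file is created owner-only, history is capped before writing, and an audit helper flags a file that is still group or world accessible. The function names, the JSON layout, the size ceiling, and reading the "50 limit" as a per-tab history cap are all assumptions.

```python
import json
import os
import stat

MAX_ENTRIES = 50        # assumption: the notes' "50 limit" read as history entries per tab
MAX_BYTES = 512 * 1024  # assumption: overall size ceiling, not a value from the notes


def trim_session(session):
    """Keep only the newest MAX_ENTRIES history entries of each tab."""
    tabs = [dict(tab, entries=tab.get("entries", [])[-MAX_ENTRIES:])
            for tab in session.get("tabs", [])]
    return {"tabs": tabs}


def write_session(path, session):
    """Write the trimmed session atomically to a file only its owner can access."""
    data = json.dumps(trim_session(session)).encode("utf-8")
    if len(data) > MAX_BYTES:
        raise ValueError("session data exceeds the size ceiling")
    tmp = path + ".tmp"
    # O_EXCL fails if tmp already exists (including as a symlink);
    # 0o600 is applied at creation, so the file is never briefly world readable.
    fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
            fh.flush()
            os.fsync(fh.fileno())
        os.replace(tmp, path)  # atomic rename over any previous session file
    except BaseException:
        os.unlink(tmp)
        raise


def audit_permissions(path):
    """Return the group/other permission bits set on path (empty list = owner-only)."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    checks = [(stat.S_IRGRP, "group-readable"), (stat.S_IWGRP, "group-writable"),
              (stat.S_IROTH, "world-readable"), (stat.S_IWOTH, "world-writable")]
    return [label for bit, label in checks if mode & bit]
```

Replacing the file through a freshly created temp file also resets the permissions of a session file left over from an older, world-readable write.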
[[Category:SecReview|FennecSessionStore]]