Security/Reviews/Thunderbird/BigFiles: Difference between revisions
(4 intermediate revisions by the same user not shown) | |||
Line 21: | Line 21: | ||
== Any security threats already considered in the design and why?== | == Any security threats already considered in the design and why?== | ||
== Threat Brainstorming | == Threat Brainstorming== | ||
* annotations could be used to XSS | * annotations could be used to XSS | ||
* escape filename and other userdata sent in URLs | * escape filename and other userdata sent in URLs | ||
* MITM trying to subvert the SSL connection | * MITM trying to subvert the SSL connection | ||
== Conclusions / Action Items | |||
>> Please use format of : [Who] || What || Completion time frame | == Conclusions / Action Items == | ||
'''>> Please use format of : [Who] || What || Completion time frame''' | |||
* Needs privacy review. | * Needs privacy review. | ||
** TB Team || fill out privacy review template at https://wiki.mozilla.org/Privacy/ | ** TB Team || fill out privacy review template at https://wiki.mozilla.org/Privacy/Reviews/ThunderbirdBigFiles || before shipping code | ||
** TB Team || put high-level data flow into the privacy review (see other privacy reviews for example) || before shipping code | ** TB Team || put high-level data flow into the privacy review (see other privacy reviews for example) || before shipping code | ||
** TB Team || send mail to sid when it's ready or with questions || after filling out template | ** TB Team || send mail to sid when it's ready or with questions || after filling out template | ||
Line 36: | Line 36: | ||
* dveditz || review code for usendit || before shipping | * dveditz || review code for usendit || before shipping | ||
* SecTeam/Tb Team || a security review of the "Provisioning" flow || <when?> soon, when designed. | * SecTeam/Tb Team || a security review of the "Provisioning" flow || <when?> soon, when designed. | ||
Other Questions: | |||
===Other Questions:=== | |||
* What's the project's ETA for shipping? | * What's the project's ETA for shipping? | ||
** 13-Mar-2012 (TB11) | ** 13-Mar-2012 (TB11) | ||
[[Category:SecReview]] |
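Review bot: the new heading `===Other Questions:===` keeps the trailing colon inside the heading markup and has no spaces around the text, unlike `== Conclusions / Action Items ==` added in the same revision. Suggest `=== Other Questions ===` so the section title and its anchor match the style of the other headings.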
Latest revision as of 20:53, 11 January 2012
- Items to be reviewed
https://wiki.mozilla.org/Features/Thunderbird/BigFiles | Thunderbird Big Files -- back-end
Introduce Feature
Goal of Feature, what is trying to be achieved (problem solved, use cases, etc)
- store large file attachments in online storage
- providers are XPCOM components
- cooperating with service providers on both a technical and business side
- can be public services or private (i.e. local FTP)
- Files are uploaded when you attach them, possibly also from the attachment box afterwards.
- "provision" UI
- "logging in" UI
- "attachment" UI
- receiving a mail would have a link with some annotations
- who specifies these annotations?
- Thunderbird might do something special on receiving annotated mail (currently undefined -- automatically download, maybe?)
What solutions/approaches were considered other than the proposed solution?
Why was this solution chosen?
- appearance of online storage for large files is well understood and accepted
Any security threats already considered in the design and why?
Threat Brainstorming
- annotations could be used to XSS
- escape filename and other userdata sent in URLs
- MITM trying to subvert the SSL connection
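A sketch of the first two items above, as an added example that is not Thunderbird's code: user data is percent-encoded before it goes into a provider URL, and a received link with its annotations is rendered with HTML escaping and an https-only check. The function names, the `storage.example` host and the key/value shape of the annotations are assumptions, since the page leaves the annotation format undefined.

```javascript
"use strict";
// Added example: all names and sample values here are hypothetical.

// Percent-encode untrusted data for use as ONE path segment or query value.
// encodeURIComponent leaves !'()* untouched, so those are encoded as well.
function encodeUrlPart(value) {
  return encodeURIComponent(String(value)).replace(/[!'()*]/g,
    c => "%" + c.charCodeAt(0).toString(16).toUpperCase());
}

// Build an upload URL from an untrusted filename and user name.
// Separators in the filename (/ ? # &) cannot change the URL structure.
function buildUploadUrl(base, filename, user) {
  const u = new URL(base);
  if (u.protocol !== "https:") throw new Error("provider URL must be https");
  return u.origin + u.pathname.replace(/\/?$/, "/") +
    encodeUrlPart(filename) + "?user=" + encodeUrlPart(user);
}

// Escape text for HTML element content and quoted attribute values.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, c => map[c]);
}

// Render the link and annotations found in a received mail.
// Returns null unless the link is https, which rejects javascript: and data: URLs.
function renderAnnotatedLink(href, annotations) {
  let url;
  try { url = new URL(href); } catch (e) { return null; }
  if (url.protocol !== "https:") return null;
  const items = Object.entries(annotations)
    .map(([k, v]) => `<li>${escapeHtml(k)}: ${escapeHtml(v)}</li>`).join("");
  return `<a href="${escapeHtml(url.href)}">${escapeHtml(url.hostname)}</a>` +
    `<ul>${items}</ul>`;
}
```

Where the UI is built through the DOM rather than as a markup string, assigning annotation values to `textContent` gives the same protection without manual escaping.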
Conclusions / Action Items
>> Please use format of : [Who] || What || Completion time frame
- Needs privacy review.
  - TB Team || fill out privacy review template at https://wiki.mozilla.org/Privacy/Reviews/ThunderbirdBigFiles || before shipping code
  - TB Team || put high-level data flow into the privacy review (see other privacy reviews for example) || before shipping code
  - TB Team || send mail to sid when it's ready or with questions || after filling out template
- TB Team || add test that bad cert handler is working -- that users do NOT see a cert override dialog, the connection should just fail || before shipping code
- SecTeam Unassigned || impl review of OAUTH usage || before shipping
- dveditz || review code for usendit || before shipping
- SecTeam/Tb Team || a security review of the "Provisioning" flow || <when?> soon, when designed.
Other Questions:
- What's the project's ETA for shipping?
  - 13-Mar-2012 (TB11)