WebAPI/Security/Settings: Difference between revisions
Jump to navigation
Jump to search
Ptheriault (talk | contribs) No edit summary |
No edit summary |
||
| Line 13: | Line 13: | ||
== Regular web content (unauthenticated) == | == Regular web content (unauthenticated) == | ||
Use cases for unauthenticated code: Read/change non-sensitive settings | *Use cases for unauthenticated code: Read/change non-sensitive settings | ||
Authorization model for normal content: None | *Authorization model for normal content: None | ||
Authorization model for installed content: Implicit read access to limited settings. Write access OS mediated. | *Authorization model for installed content: Implicit read access to limited settings. Write access OS mediated. | ||
Potential mitigations: Only non-sensitive settings will be exposed to regular apps. | *Potential mitigations: Only non-sensitive settings will be exposed to regular apps. | ||
== Trusted (authenticated by publisher) == | == Trusted (authenticated by publisher) == | ||
Use cases for authenticated code: Modify a specific setting - e.g. e-book app modifies brightness in response to lighting conditions | *Use cases for authenticated code: Modify a specific setting - e.g. e-book app modifies brightness in response to lighting conditions | ||
Authorization model: Implicit | *Authorization model: Implicit | ||
Potential mitigations: Access to a subset of lower risk settings | *Potential mitigations: Access to a subset of lower risk settings | ||
== Certified (vouched for by trusted 3rd party) == | == Certified (vouched for by trusted 3rd party) == | ||
Use cases for certified code: replacement settings manager app | *Use cases for certified code: replacement settings manager app | ||
Authorization model: Implicit access to all settings | *Authorization model: Implicit access to all settings | ||
Potential mitigations: None | *Potential mitigations: None | ||
Revision as of 21:52, 30 July 2012
Name of API: Settings API Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=678695
Brief purpose of API: API to configure device settings General Use Cases: None
Inherent threats:
- Access sensitive configuration data (wifi passwords etc)
- Change settings which might cost user money (data settings, roaming etc)
- Privacy implications
Threat severity: High
Regular web content (unauthenticated)
- Use cases for unauthenticated code: Read/change non-sensitive settings
- Authorization model for normal content: None
- Authorization model for installed content: Implicit read access to limited settings. Write access OS mediated.
- Potential mitigations: Only non-sensitive settings will be exposed to regular apps.
Trusted (authenticated by publisher)
- Use cases for authenticated code: Modify a specific setting - e.g. e-book app modifies brightness in response to lighting conditions
- Authorization model: Implicit
- Potential mitigations: Access to a subset of lower risk settings
Certified (vouched for by trusted 3rd party)
- Use cases for certified code: replacement settings manager app
- Authorization model: Implicit access to all settings
- Potential mitigations: None