WebAPI/Security/Settings: Difference between revisions

From MozillaWiki
Jump to navigation Jump to search
No edit summary
Line 1: Line 1:
Name of API: Settings API
Name of API: Settings API
Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=678695
References:
*https://bugzilla.mozilla.org/show_bug.cgi?id=678695
*Security discussion: https://groups.google.com/d/topic/mozilla.dev.webapps/jkzLINWWiQA/discussion


Brief purpose of API: API to configure device settings
Brief purpose of API: API to configure device settings
General Use Cases: None
General Use Cases: None


Inherent threats:
Inherent threats:
*Access sensitive configuration data (wifi passwords etc)
*Access sensitive configuration data (WiFi passwords etc)
*Change settings which might cost user money (data settings, roaming etc)
*Change settings which might cost user money (data settings, roaming etc)
*Privacy implications  
*Privacy implications  
Line 13: Line 16:


== Regular web content (unauthenticated) ==
== Regular web content (unauthenticated) ==
*Use cases for unauthenticated code: Read/change non-sensitive settings
Use cases for unauthenticated code: Read/change non-sensitive settings
*Authorization model for normal content: None
 
*Authorization model for installed content: Implicit read access to limited settings. Write access via web intents.  
Authorization model for normal content: None
*Potential mitigations: Only non-sensitive settings will be exposed to regular apps.
 
Authorization model for installed content: Implicit read access to limited settings. Write access via web intents.  
 
Potential mitigations: Only non-sensitive settings will be exposed to regular apps.
 
== Privileged (approved by app store) ==
Use cases for authenticated code: Modify a specific setting - e.g. e-book app modifies brightness in response to lighting conditions
 
Authorization model: Implicit
 
Potential mitigations: Access to a subset of lower risk settings
 
== Certified (system-critical apps) ==
Use cases for certified code: replacement settings manager app


== Trusted (authenticated by publisher) ==
Authorization model: Implicit access to all settings
*Use cases for authenticated code: Modify a specific setting - e.g. e-book app modifies brightness in response to lighting conditions
*Authorization model: Implicit
*Potential mitigations: Access to a subset of lower risk settings


== Certified (vouched for by trusted 3rd party) ==
Potential mitigations: None
*Use cases for certified code: replacement settings manager app
*Authorization model: Implicit access to all settings
*Potential mitigations: None

Revision as of 21:37, 6 August 2012

Name of API: Settings API References:

Brief purpose of API: API to configure device settings

General Use Cases: None

Inherent threats:

  • Access sensitive configuration data (WiFi passwords etc)
  • Change settings which might cost user money (data settings, roaming etc)
  • Privacy implications

Threat severity: High

Regular web content (unauthenticated)

Use cases for unauthenticated code: Read/change non-sensitive settings

Authorization model for normal content: None

Authorization model for installed content: Implicit read access to limited settings. Write access via web intents.

Potential mitigations: Only non-sensitive settings will be exposed to regular apps.

Privileged (approved by app store)

Use cases for authenticated code: Modify a specific setting - e.g. e-book app modifies brightness in response to lighting conditions

Authorization model: Implicit

Potential mitigations: Access to a subset of lower risk settings

Certified (system-critical apps)

Use cases for certified code: replacement settings manager app

Authorization model: Implicit access to all settings

Potential mitigations: None

Retrieved from "https://wiki.allizom.org/index.php?title=WebAPI/Security/Settings&oldid=458300"