Firefox/Projects/AccountManager/SecurityReview: Difference between revisions
Revision as of 21:28, 31 August 2010
Overview
Describe the goals and objectives of the feature here.
- Background links
- bug 571409 Add Account Manager support to Firefox
- HTTP Extensions for Account Management and Session Identification
Security and Privacy
- Is this feature a security feature? If it is, what security issues is it intended to resolve?
It's not a security feature per se, but it does have strong ties to security. Account Manager is intended to abstract out how sites deal with authentication, and in so doing make it possible for authentication components to be swapped in later (as opposed to the status quo of being married to web forms).
- What potential security issues in your feature have you already considered and addressed?
Please see the Security Considerations section of the Account Manager specification (https://wiki.mozilla.org/Labs/Weave/Identity/Account_Manager/Spec/Latest#Security_Considerations).
- Is system or subsystem security compromised in any way if your project's configuration files / prefs are corrupt or missing?
There are no preferences or configuration files.
- Include a thorough description of the security assumptions, capabilities and any potential risks (possible attack points) being introduced by your project.
The Security Considerations section of the specification contains possible attack vectors for the feature.
- How are transitions in/out of Private Browsing mode handled?
fixme: don't know
Exported APIs
- Please provide a table of exported interfaces (APIs, ABIs, protocols, UI, etc.)
- Does it interoperate with a web service? How will it do so?
- Explain the significant file formats, names, syntax, and semantics.
- Are the externally visible interfaces documented clearly enough for a non-Mozilla developer to use them successfully?
- Does it change any existing interfaces?
Module interactions
- What other modules are used (REQUIRES in the makefile, interfaces)?
- Resource.jsm for network GET/PUT/POST (similar to sync)
- Password Manager for storing/getting username/password accounts
- PopupNotifications for showing UI and handling interactions
Data
- What data is read or parsed by this feature?
- What is the output of this feature?
- What storage formats are used?
Reliability
- What failure modes or decision points are presented to the user?
- Can its files be corrupted by failures? Does it clean up any locks/files after crashes?
Configuration
- Can the end user configure settings, via a UI or about:config? Hidden prefs? Environment variables?
- Are there build options for developers? [#ifdefs, ac_add_options, etc.]
- What ranges for the tunable are appropriate? How are they determined?
- What are its on-going maintenance requirements (e.g. Web links, perishable data files)?
Relationships to other projects
Are there related projects in the community?
- If so, what is the proposal's relationship to their work? Do you depend on others' work, or vice-versa?
- Are you updating, copying or changing functional areas maintained by other groups? How are you coordinating and communicating with them? Do they "approve" of what you propose?