Confirmed users
2,615
edits
User:Dmose:Protocol Handler Security Review: Difference between revisions
User:Dmose:Protocol Handler Security Review (view source)
Revision as of 02:30, 25 October 2007
, 25 October 2007→Security and Privacy
No edit summary |
|||
| Line 1: | Line 1: | ||
= Status = | = Status = | ||
;Feature tracking bug | ;Feature tracking bug | ||
| Line 45: | Line 44: | ||
* Is system or subsystem security compromised in any way if your project's configuration files / prefs are corrupt or missing? | * Is system or subsystem security compromised in any way if your project's configuration files / prefs are corrupt or missing? | ||
** mime-types.rdf corruption / missing | ** mime-types.rdf corruption / missing | ||
** application | ** application pref file (firefox.js or equivalent) missing | ||
** user prefs.js missing | ** user prefs.js missing | ||
** ISP DNS expiration | ** ISP DNS expiration | ||
| Line 55: | Line 54: | ||
** Potential Risks | ** Potential Risks | ||
*** Phishy? (Encourages in-browser auth?) | *** Phishy? (Encourages in-browser auth?) | ||
*** The HTML5 spec has a http://www.whatwg.org/specs/web-apps/current-work/#security3 list of possible security issues] that should be gone through | *** The HTML5 spec has a [http://www.whatwg.org/specs/web-apps/current-work/#security3 list of possible security issues] that should be gone through | ||
*** Uses of web-handled URIs in contexts other than in href attribute of a element | *** Uses of web-handled URIs in contexts other than in href attribute of a element | ||
**** object | **** object | ||