Security/Reviews/Gaia/FacebookIntegration: Difference between revisions

Adding some comments about datastore api
No edit summary
(Adding some comments about datastore api)
 
Line 162: Line 162:


The Facebook integration code caches Facebook contacts. It caches the raw Facebook API record, which might contain a bit more info than is actually used by Gaia for the contacts.
The Facebook integration code caches Facebook contacts. It caches the raw Facebook API record, which might contain a bit more info than is actually used by Gaia for the contacts.
This [https://developer.mozilla.org/en-US/docs/Web/API/Data_Store_API datastore] can be access just from certified apps, that means Firefox OS core apps like dialer or sms.


It also stores the OAuth token in <code>asyncStorage</code>. (Async wrapper around IndexedDB)
It also stores the OAuth token in <code>asyncStorage</code>. (Async wrapper around IndexedDB)


A number of basic bookkeeping values are also stored in <code>asyncStorage</code>, like the number of facebook friends, the time last updated, etc.
A number of basic bookkeeping values are also stored in <code>asyncStorage</code>, like the number of facebook friends, the time last updated, etc.
That data as it's on an indexedDB cannot be used outside the application scope.


====4. Denial of Service ====
====4. Denial of Service ====
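Review bot: The sentence added after the caching paragraph ("can be access just from certified apps") says who can reach the datastore but does not address the point made in the line above it, that the cached raw Facebook API record may hold more than Gaia uses. Say whether the certified apps that can read the datastore also see those unused fields, or whether the record should be trimmed before caching. The second added sentence ("That data as it's on an indexedDB cannot be used outside the application scope") sits under the bookkeeping paragraph, so it is unclear whether "that data" also covers the OAuth token stored in asyncStorage two paragraphs up; name the token explicitly if it is meant. Wording: "can be access" should read "can be accessed".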