Confirmed users
194
edits
Security/Reviews/Gaia/FacebookIntegration: Difference between revisions
Security/Reviews/Gaia/FacebookIntegration (view source)
Revision as of 23:46, 26 March 2015
, 26 March 2015Adding some comments about datastore api
No edit summary |
(Adding some comments about datastore api) |
||
| Line 162: | Line 162: | ||
The Facebook integration code caches Facebook contacts. It caches the raw Facebook API record, which might contain a bit more info than is actually used by Gaia for the contacts. | The Facebook integration code caches Facebook contacts. It caches the raw Facebook API record, which might contain a bit more info than is actually used by Gaia for the contacts. | ||
This [https://developer.mozilla.org/en-US/docs/Web/API/Data_Store_API datastore] can be access just from certified apps, that means Firefox OS core apps like dialer or sms. | |||
It also stores the OAuth token in <code>asyncStorage</code>. (Async wrapper around IndexedDB) | It also stores the OAuth token in <code>asyncStorage</code>. (Async wrapper around IndexedDB) | ||
A number of basic bookkeeping values are also stored in <code>asyncStorage</code>, like the number of facebook friends, the time last updated, etc. | A number of basic bookkeeping values are also stored in <code>asyncStorage</code>, like the number of facebook friends, the time last updated, etc. | ||
That data as it's on an indexedDB cannot be used outside the application scope. | |||
====4. Denial of Service ==== | ====4. Denial of Service ==== | ||