Labs/Weave/Sync Client Security Review: Difference between revisions
Jump to navigation
Jump to search
| Line 16: | Line 16: | ||
== Exported APIs == | == Exported APIs == | ||
* Please provide a table of exported interfaces (APIs, ABIs, protocols, UI, etc.) | * Please provide a table of exported interfaces (APIs, ABIs, protocols, UI, etc.) | ||
** Firefox status bar: | |||
** Firefox pref pane: | |||
** Firefox tabs view: | |||
** Fennec pref pane: | |||
** Fennec tabs view: | |||
* Does it interoperate with a web service? How will it do so? | * Does it interoperate with a web service? How will it do so? | ||
** https://wiki.mozilla.org/Labs/Weave/API storage/user APIs | |||
* Explain the significant file formats, names, syntax, and semantics. | * Explain the significant file formats, names, syntax, and semantics. | ||
** JSON: local temporary storage (changes, to fetch) | |||
* Are the externally visible interfaces documented clearly enough for a non-Mozilla developer to use them successfully? | * Are the externally visible interfaces documented clearly enough for a non-Mozilla developer to use them successfully? | ||
** https://wiki.mozilla.org/Labs/Weave/Developer | |||
* Does it change any existing interfaces? | * Does it change any existing interfaces? | ||
Revision as of 20:33, 9 February 2010
Overview
Synchronize your bookmarks, history, tabs and passwords wherever you go. Whether you use Firefox on your phone, laptop, or desktop, securely access all your data.
- Background links
- https://mozillalabs.com/weave/
- https://hg.mozilla.org/labs/weave/
- https://addons.mozilla.org/en-US/firefox/addon/10868
Security and Privacy
- Is this feature a security feature? If it is, what security issues is it intended to resolve?
- What potential security issues in your feature have you already considered and addressed?
- Is system or subsystem security compromised in any way if your project's configuration files / prefs are corrupt or missing?
- Include a thorough description of the security assumptions, capabilities and any potential risks (possible attack points) being introduced by your project.
- How are transitions in/out of Private Browsing mode handled?
Exported APIs
- Please provide a table of exported interfaces (APIs, ABIs, protocols, UI, etc.)
- Firefox status bar:
- Firefox pref pane:
- Firefox tabs view:
- Fennec pref pane:
- Fennec tabs view:
- Does it interoperate with a web service? How will it do so?
- https://wiki.mozilla.org/Labs/Weave/API storage/user APIs
- Explain the significant file formats, names, syntax, and semantics.
- JSON: local temporary storage (changes, to fetch)
- Are the externally visible interfaces documented clearly enough for a non-Mozilla developer to use them successfully?
- Does it change any existing interfaces?
Module interactions
- What other modules are used (REQUIRES in the makefile, interfaces)?
Data
- What data is read or parsed by this feature?
- What is the output of this feature?
- What storage formats are used?
Reliability
- What failure modes or decision points are presented to the user?
- Can its files be corrupted by failures? Does it clean up any locks/files after crashes?
Configuration
- Can the end user configure settings, via a UI or about:config? Hidden prefs? Environment variables?
- Are there build options for developers? [#ifdefs, ac_add_options, etc.]
- What ranges for the tunable are appropriate? How are they determined?
- What are its on-going maintenance requirements (e.g. Web links, perishable data files)?
Relationships to other projects
Are there related projects in the community?
- If so, what is the proposal's relationship to their work? Do you depend on others' work, or vice-versa?
- Are you updating, copying or changing functional areas maintained by other groups? How are you coordinating and communicating with them? Do they "approve" of what you propose?