MozillaWiki

Apps/Security: Difference between revisions

Page Discussion

Apps/Security (view source)

Revision as of 21:16, 22 March 2012

1 byte added ,  22 March 2012
no edit summary
No edit summary
No edit summary
Line 46: Line 46:
# '''Definition of the permissions to be enforced'''.  Examples include "app can access the IMEI number" and "app can make phone calls".
# '''Definition of the permissions to be enforced'''.  Examples include "app can access the IMEI number" and "app can make phone calls".
# '''Standard web security'''.  This is what is normally considered to be "the web" (XSS in AJAX etc.) and it still has a role to play in B2G.
# '''Standard web security'''.  This is what is normally considered to be "the web" (XSS in AJAX etc.) and it still has a role to play in B2G.
===Process for granting permissions===
#By default all Web Apps have the no special permissions, the same as any other web page.
#A Web App requests permissions in the manifest when submitting to a store (an application may only be granted permissions that it requests in the manifest)
#An App Store can grant permissions to a Web App during the install process (but not necessarily all of the requested permissions
#The user’s default permission policy is applied to the requested permissions (see permissions management) and requested permissions are updated
#The user is informed of the permissions during installation, and can modify them if desired, or choose to trust the defaults set by the App Store.
Note: If sensitive permissions are requested, certain security requirements may be placed on the application.
(''comment: this section appears to be in discussion or proposal form, not a summary form. as such it should be moved to a suitable section'')




Line 392: Line 381:


(''comment: these permission types are not really a summary, and as such should be moved to a suitable section'')
(''comment: these permission types are not really a summary, and as such should be moved to a suitable section'')
===Process for granting permissions===
#By default all Web Apps have the no special permissions, the same as any other web page.
#A Web App requests permissions in the manifest when submitting to a store (an application may only be granted permissions that it requests in the manifest)
#An App Store can grant permissions to a Web App during the install process (but not necessarily all of the requested permissions
#The user’s default permission policy is applied to the requested permissions (see permissions management) and requested permissions are updated
#The user is informed of the permissions during installation, and can modify them if desired, or choose to trust the defaults set by the App Store.
Note: If sensitive permissions are requested, certain security requirements may be placed on the application.
(''comment: this section appears to be in discussion or proposal form, not a summary form. as such it should be moved to a suitable section'')
=== Types of Runnables ===
=== Types of Runnables ===
The scope of the permissions model is limited to Open Web Apps, which are applications written web technologies (HTML, JS, CSS).  
The scope of the permissions model is limited to Open Web Apps, which are applications written web technologies (HTML, JS, CSS).  
Lkcl
177

edits

Retrieved from "https://wiki.allizom.org/Special:MobileDiff/410802"