Security/Reviews/Thunderbird/BigFiles

From MozillaWiki
Items to be reviewed

https://wiki.mozilla.org/Features/Thunderbird/BigFiles | Thunderbird Big Files -- back-end

Introduce Feature

Goal of Feature, what is trying to be achieved (problem solved, use cases, etc)

  • store large file attachments in online storage
  • providers are XPCOM components
  • cooperating with service providers on both a technical and business side
  • can be public services or private (i.e. local ftp)
  • Files are uploaded when you attach them, possibly also from the attachment box afterwards.
  • "provision" UI
  • "logging in" UI
  • "attachment" UI
  • receiving a mail would have a link with some annotations
    • who specifies these annotations?
  • Thunderbird might do something special on receiving annotated mail (currently undefined -- automatically download, maybe?)

What solutions/approaches were considered other than the proposed solution?

Why was this solution chosen?

  • appearance of online storage for large files is well understood and accepted

Any security threats already considered in the design and why?

Threat Brainstorming

  • annotations could be used to XSS
  • escape filename and other userdata sent in URLs
  • MITM trying to subvert the SSL connection
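
The two escaping items above, as an added example (not Thunderbird or provider code). The helper names, the `storage.example` host, the `<provider base>/<filename>` URL layout, and the idea that an annotation ends up as HTML link text are all assumptions made for illustration.

```javascript
"use strict";

// Percent-encode a value for use as ONE path segment. encodeURIComponent
// leaves !'()* untouched, so those are encoded as well.
function encodeSegment(value) {
  return encodeURIComponent(value).replace(/[!'()*]/g,
    (c) => "%" + c.charCodeAt(0).toString(16).toUpperCase());
}

// Build the upload URL for a user-chosen attachment name
// (assumed layout: <provider base>/<filename>).
function buildUploadUrl(base, filename) {
  // "." and ".." survive encoding and would be collapsed as dot segments.
  if (!filename || filename === "." || filename === "..") {
    throw new Error("invalid filename");
  }
  const baseUrl = new URL(base);
  if (baseUrl.protocol !== "https:") throw new Error("provider must use https");
  const url = new URL(baseUrl.href.replace(/\/+$/, "") + "/" + encodeSegment(filename));
  // The filename must not change where the request goes.
  if (url.origin !== baseUrl.origin) throw new Error("origin changed");
  return url.href;
}

// Escape text for an HTML text node or a quoted attribute value.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (c) => map[c]);
}

// Render a received link plus its annotation (assumed to be untrusted text
// taken from the mail). Only https links are turned into anchors.
function renderAttachmentLink(link, annotation) {
  const url = new URL(link); // throws on unparsable input
  if (url.protocol !== "https:") throw new Error("only https links are rendered");
  return `<a href="${escapeHtml(url.href)}">${escapeHtml(annotation)}</a>`;
}
```
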

Conclusions / Action Items

>> Please use format of : [Who] || What || Completion time frame

  • Needs privacy review.
    • TB Team || fill out privacy review template at https://wiki.mozilla.org/Privacy/Reviews/ThunderbirdBigFiles || before shipping code
    • TB Team || put high-level data flow into the privacy review (see other privacy reviews for example) || before shipping code
    • TB Team || send mail to sid when it's ready or with questions || after filling out template
  • TB Team || add test that bad cert handler is working -- that users do NOT see a cert override dialog, the connection should just fail || before shipping code
  • SecTeam Unassigned || impl review of OAuth usage || before shipping
  • dveditz || review code for usendit || before shipping
  • SecTeam/TB Team || a security review of the "Provisioning" flow || <when?> soon, when designed.

Other Questions:

  • What's the project's ETA for shipping?
    • 13-Mar-2012 (TB11)