177
edits
Apps/Security: Difference between revisions
Jump to navigation
Jump to search
no edit summary
No edit summary |
No edit summary |
||
| Line 5: | Line 5: | ||
There are four separate areas where security work is required. Each area is separate but inter-related. Each is '''required''' and cannot be ignored. | There are four separate areas where security work is required. Each area is separate but inter-related. Each is '''required''' and cannot be ignored. | ||
# '''Secure Application Distribution'''. A level of trust must be established between all four parties: B2G developers, Application developers, users and stores. | # [[Apps/Security/Distribution|'''Secure Application Distribution''']]. A level of trust must be established between all four parties: B2G developers, Application developers, users and stores. | ||
# '''Application Permissions Enforcement'''. This can '''only''' be done at the Operating System (kernel) level. | # [[Apps/Security/Enforcement|'''Application Permissions Enforcement''']]. This can '''only''' be done at the Operating System (kernel) level. | ||
# '''Definition of the permissions to be enforced'''. Examples include "app can access the IMEI number" and "app can make phone calls". | # [[Apps/Security/Permissions|'''Definition, management and presentation of the permissions to be enforced''']]. Examples include "app can access the IMEI number" and "app can make phone calls". | ||
# '''Standard web security'''. This is what is normally considered to be "the web" (XSS in AJAX etc.) and it still has a role to play in B2G. | # [[Apps/Security/StandardWebSecurity|'''Standard web security''']]. This is what is normally considered to be "the web" (XSS in AJAX etc.) and it still has a role to play in B2G. | ||
* Track the status of [[B2G_App_Security_Model]] | * Track the status of [[B2G_App_Security_Model]] | ||