177
edits
Apps/Security: Difference between revisions
Jump to navigation
Jump to search
m
→Boot 2 Gecko App Security Model Discussion
| Line 6: | Line 6: | ||
There are four separate areas where security work is required. Each area is separate but inter-related. Each is '''required''' and cannot be ignored. | There are four separate areas where security work is required. Each area is separate but inter-related. Each is '''required''' and cannot be ignored. | ||
* [[Apps/Security/Distribution|'''Secure Application Distribution''']]. | |||
A level of trust must be established between all four parties: B2G developers, Application developers, users and stores. | A level of trust must be established between all four parties: B2G developers, Application developers, users and stores. | ||
* [[Apps/Security/Enforcement|'''Application Permissions Enforcement''']]. | |||
This can '''only''' be done at the Operating System (kernel) level. | This can '''only''' be done at the Operating System (kernel) level. | ||
* [[Apps/Security/Permissions|'''Definition, management and presentation of the permissions to be enforced''']]. | |||
Examples include "app can access the IMEI number" and "app can make phone calls". | Examples include "app can access the IMEI number" and "app can make phone calls". | ||
* [[Apps/Security/StandardWebSecurity|'''Standard web security''']]. | |||
This is what is normally considered to be "the web" (XSS in AJAX etc.) and it still has a role to play in B2G. | This is what is normally considered to be "the web" (XSS in AJAX etc.) and it still has a role to play in B2G. | ||