WebAPI/Security/Contacts: Difference between revisions
Ptheriault (talk | contribs) (Created page with "== Contacts API== Reference:https://wiki.mozilla.org/WebAPI/ContactsAPI Brief purpose of API: Access to users contacts. General Use Cases:N/A Inherent threats: *Read/exfiltrate...") |
mNo edit summary |
||
| Line 13: | Line 13: | ||
=== Regular web content (unauthenticated) === | === Regular web content (unauthenticated) === | ||
Use cases for unauthenticated code: Mediated access | Use cases for unauthenticated code: Mediated access to specific (user selected) contact | ||
information | information | ||
Authorization model for uninstalled web content: OS mediated (web | Authorization model for uninstalled web content: OS mediated (web | ||
activities, or trusted UI)<br> | activities, or trusted UI)<br> | ||
Authorization model for installed web content: OS mediated (web | Authorization model for installed web content: OS mediated (web | ||
activities, or trusted UI) | activities, or trusted UI) | ||
Potential mitigations: | Potential mitigations: | ||
| Line 25: | Line 26: | ||
=== Trusted (authenticated by publisher) === | === Trusted (authenticated by publisher) === | ||
Use cases for authenticated code: Create,read or edit contact information | Use cases for authenticated code: Create, read or edit contact information | ||
Authorization model: Explicit | |||
Authorization model: Explicit | |||
Potential mitigations: | Potential mitigations: | ||
* Let user configure what data is accessible (globally?) | * Let user configure what data is accessible (globally?) | ||
| Line 34: | Line 37: | ||
=== Certified (vouched for by trusted 3rd party) === | === Certified (vouched for by trusted 3rd party) === | ||
Use cases for certified code: Create,read or edit contact information | Use cases for certified code: Create, read or edit contact information | ||
Authorization model: Implicit | Authorization model: Implicit | ||
Potential mitigations: None | Potential mitigations: None | ||
Revision as of 12:17, 25 June 2012
Contacts API
Reference:https://wiki.mozilla.org/WebAPI/ContactsAPI Brief purpose of API: Access to users contacts.
General Use Cases:N/A
Inherent threats:
- Read/exfiltrate confidential information,
- Destroy user's contact data
- DoS via filling address book with bogus data
Threat severity: high
Regular web content (unauthenticated)
Use cases for unauthenticated code: Mediated access to specific (user selected) contact information
Authorization model for uninstalled web content: OS mediated (web
activities, or trusted UI)
Authorization model for installed web content: OS mediated (web
activities, or trusted UI)
Potential mitigations:
- App requests a contact via web activities or trusted UI
- API provides a local identifier instead of the actual contact information
Trusted (authenticated by publisher)
Use cases for authenticated code: Create, read or edit contact information
Authorization model: Explicit
Potential mitigations:
- Let user configure what data is accessible (globally?)
- Have separate permissions read,create or update/delete? (assuming that
many apps only want read, and could use web activities to create a contact if necessary?)
Certified (vouched for by trusted 3rd party)
Use cases for certified code: Create, read or edit contact information
Authorization model: Implicit
Potential mitigations: None