Security/WebAPI/Socket API

From MozillaWiki
< Security‎ | WebAPI
Revision as of 04:27, 21 May 2012 by Ptheriault (talk | contribs)
Jump to navigation Jump to search
Please use "Edit with form" above to edit this page.

Project Info

Socket API
Project Page https://bugzilla.mozilla.org/show_bug.cgi?id=733573
Next Milestone `
Security Resource `

{{#set:Component=Socket API |Project=https://bugzilla.mozilla.org/show_bug.cgi?id=733573 |Milestone=` |Resource=` }}

Security Information

Status: OK
Securtiy Approved for Beta Launch?: No
Data Flow Diagram: `
Threat Model: `
Bugs: `
Security Review: `
Final Security Approval: no

{{#set:Sectrackerstatus=OK |Simpyn=No |DFD=` |TM=` |bugs=` |Secreview=` |SecTrackerFSA=no }}

Background

Goals Expose Socket API so that Web Apps can connect to services requiring such access (e.g. SMTP Web App)

TCP Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=733573 UDP bug: https://bugzilla.mozilla.org/show_bug.cgi?id=745283

Articles:

Source:

Open Questions

  • Could any security restrictions be applied to mitigate security risk? E.g. we could prevent localhost connections - but this might prevent a valid use case.
  • (out of scope but important) How will credentials be stored (assuming that apps making connections will need credentials to make secure connections)

Threat Model

Authorization Model

Implementation Requirements

Retrieved from "https://wiki.mozilla.org/index.php?title=Security/WebAPI/Socket_API&oldid=432784"