Personal tools

Browse wiki

From MozillaWiki

Jump to: navigation, search
Services/Sync/Features/MigrateToDigestAuth
Feature accessibility lead `  +
Feature accessibility notes `
Feature accessibility review `
Feature accessibility status `  +
Feature additional members `  +
Feature dependencies Must discuss replacement authentication protocol with security people (bsmith?)
Feature engineering notes `
Feature engineering status `  +
Feature engineering team Sync  +
Feature feature manager Jennifer Arguello  +
Feature functional spec `
Feature health OK  +
Feature implementation notes * https://bugzilla.mozilla.org/show_bug.cgi?id=445757
Feature implementation plan `
Feature landing criteria `
Feature lead engineer Chenxia Liu  +
Feature list Services  +
Feature localization lead `  +
Feature localization notes `
Feature localization review `
Feature localization status `  +
Feature name Migrate from Basic Auth  +
Feature non-goals Hope to get ahead in setting up security necessary for running a sync-key server
Feature open issues and risks Sync web servers receive username/pass in Sync web servers receive username/pass in cleartext (BasicAuth) through https before handing them off to LDAP/mySQL. Will be a problem when we store sync-keys protected by username/pass, because access to Sync web servers will be point of vulnerability. If an attacker gains control of Sync web servers, they will have access to username/pass in cleartext, can use these credentials to access sync-key, and then unencrypt user data stored on Sync web servers.rypt user data stored on Sync web servers.
Feature operations lead `  +
Feature operations notes `
Feature operations review ` +
Feature operations status `  +
Feature overview Replace BasicAuth with more secure system where Sync web servers do not have access to cleartext passwords. This protocol can be DigestAuth, public/private key, etc, needs to be cleared with Security.
Feature priority P2  +
Feature privacy lead `  +
Feature privacy notes `
Feature privacy review `
Feature privacy status `  +
Feature product manager Jennifer Arguello  +
Feature product marketing lead `  +
Feature product marketing notes `
Feature product marketing status `  +
Feature products notes `
Feature products status `  +
Feature project `  +
Feature qa lead Tracy Walker  +
Feature qa notes `
Feature qa review `
Feature qa status `  +
Feature rank 999  +
Feature requirements `
Feature roadmap Sync  +
Feature secondary roadmap `  +
Feature security health OK  +
Feature security lead Brian Smith (?)  +
Feature security notes `
Feature security review `
Feature security status sec-review-unnecessary  +
Feature stage Shelved  +
Feature status In progress  +
Feature status note `
Feature theme `  +
Feature users and use cases Users using Sync will use more secure protUsers using Sync will use more secure protocol (not BasicAuth) to authenticate access to Sync web servers. Passwords must not be passed around in plaintext. Migration: DigestAuth (strawman): will revert to BasicAuth once for calculating hash of password for authentication, and will use DigestAuth for all future authentication. DigestAuth for all future authentication.
Feature ux design `
Feature ux lead `  +
Feature ux notes `
Feature ux status `  +
Feature version TBD  +
Categories Feature Page  +
Modification dateThis property is a special property in this wiki. 12 January 2012 19:23:14  +
hide properties that link here 
  No properties link to this page.
 

 

Enter the name of the page to start browsing from.