canmove, Confirmed users
1,220
edits
FirefoxOS/New security model: Difference between revisions
Jump to navigation
Jump to search
→Verifying signatures
Ptheriault (talk | contribs) |
Ptheriault (talk | contribs) |
||
| Line 47: | Line 47: | ||
</bugzilla> | </bugzilla> | ||
=== Verifying signatures | === Verifying signatures - {{Bug|1153422}} === | ||
To load a webpage in a signed package, the user navigates to a URL like "https://website.com/RSSReader2000/package.pak!//index.html". The part before the "!//" is the URL to the package itself. The part after the "!//" is the resource path inside the package. | |||
To load a webpage in a signed package, the user navigates to a URL like "https://website.com/RSSReader2000/package.pak!//index.html". The part before the "!//" is the URL to the package itself. The part after the "!//" is the resource path inside the package. | |||
So loading signed content does not require an installation to happen. Simply navigating to a URL like the above is enough. | So loading signed content does not require an installation to happen. Simply navigating to a URL like the above is enough. | ||
| Line 68: | Line 60: | ||
Another thing that needs to be done before any content is served by the network layer is to look in the manifest and populate the nsIPermissionManager database with any permissions enumerated in the manifest. After having checked that the manifest properly matches the signature of course. | Another thing that needs to be done before any content is served by the network layer is to look in the manifest and populate the nsIPermissionManager database with any permissions enumerated in the manifest. After having checked that the manifest properly matches the signature of course. | ||
Bug XXX - Verify the package signature | |||
Bug XXX - Ensure the package is verified before content is served | |||
Bug XXX - Set appropriate origin attributes for signed packages | |||
Bug XXX - cache the signature check so that we dont need to recheck everytime | |||
Bug XXX - register permissions, system messages etc on navigation to signed packages | Bug XXX - register permissions, system messages etc on navigation to signed packages | ||
Bug XXX - update of permissions, system messages & activities etc if you on package change/cache eviction etc | Bug XXX - update of permissions, system messages & activities etc if you on package change/cache eviction etc | ||
Bug XXX - create an "about:permissions: equivalent for FxOS which works for unpinned navigated to content. | Bug XXX - create an "about:permissions: equivalent for FxOS which works for unpinned navigated to content. | ||