Mixedpuppy (talk | contribs) |
| Line 391: | Line 391: | ||
== Credentials == | == Credentials == | ||
There are various credentials employed in this system ( | There are various credentials employed in this system (oauth tokens) that are used via OWA and the 3rd party webapp components to share information. Additionally, other users of the system could potentially have access to a user's sharing credentials. The OAuth tokens are stored in the apps localStorage. | ||
''The Risk'' is that these credentials might be leaked across third parties or to other users of the system. | ''The Risk'' is that these credentials might be leaked across third parties or to other users of the system. | ||
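Review bot: The added sentence "The OAuth tokens are stored in the apps localStorage" in the first Credentials paragraph does not say which origin's localStorage holds the tokens, and the stated risk of leaking across third parties depends on exactly that. localStorage is readable by any script running in the owning origin, so suggest naming the origin (OWA or each 3rd party webapp) and stating that the tokens are only as isolated as that origin's script integrity. Two wording points in the same paragraph: "apps" should be the possessive "app's", and the parenthetical "(oauth tokens)" reads as if OAuth tokens were the only credentials while the Requirement text in the next hunk still covers non-oauth credentials, so "(such as OAuth tokens)" with consistent capitalisation would match.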
| Line 397: | Line 397: | ||
''Requirement:'' These credentials are stored by the 3rd party webapp components who use them and only those components (and the browser, extended by the Share Mediator Component) should be able to touch them. Any non-oauth credentials should be stored in the password database (not localstorage) and, when possible, encrypted using the browser's master password. | ''Requirement:'' These credentials are stored by the 3rd party webapp components who use them and only those components (and the browser, extended by the Share Mediator Component) should be able to touch them. Any non-oauth credentials should be stored in the password database (not localstorage) and, when possible, encrypted using the browser's master password. | ||
{{ResolutionBox|{{ | {{ResolutionBox|{{}}}} | ||
== Clearing Private Data == | == Clearing Private Data == | ||