canmove, Confirmed users
1,537
edits
Privacy/Reviews/F1A: Difference between revisions
→Credentials
| Line 397: | Line 397: | ||
''Requirement:'' These credentials are stored by the 3rd party webapp components who use them and only those components (and the browser, extended by the Share Mediator Component) should be able to touch them. Any non-oauth credentials should be stored in the password database (not localstorage) and, when possible, encrypted using the browser's master password. | ''Requirement:'' These credentials are stored by the 3rd party webapp components who use them and only those components (and the browser, extended by the Share Mediator Component) should be able to touch them. Any non-oauth credentials should be stored in the password database (not localstorage) and, when possible, encrypted using the browser's master password. | ||
{{ResolutionBox|{{}}}} | {{ResolutionBox|{{resolved|This software only ships with 3rd party webapps that use oauth and store the tokens in localstorage so there is no threat of password leak. When we open F1A to allow users to install additional apps, we will make clear in the documentation how to store different types of credentials properly.}}}} | ||
== Clearing Private Data == | == Clearing Private Data == | ||