canmove, Confirmed users, Bureaucrats and Sysops emeriti
2,776
edits
Security/Reviews/BZBrowserID: Difference between revisions
no edit summary
(Created page with "{{SecReviewInfo |SecReview name=Bugzilla Extension for BrowserID |SecReview target= {{bug|721923}}
{{bug|698808}} }} {{SecReview}} {{SecReviewActionStatus |SecReview action ite...") |
No edit summary |
||
| Line 1: | Line 1: | ||
{{SecReviewInfo | {{SecReviewInfo | ||
|SecReview name=Bugzilla Extension for BrowserID | |SecReview name=Bugzilla Extension for BrowserID | ||
|SecReview target= | |SecReview target=http://bzr.mozilla.org/bugzilla/extensions/browserid/trunk/files | ||
Login interface: | |||
http://www.bugzilla.org/docs/4.0/en/html/api/Bugzilla/Auth/Login.html | |||
{{bug|698808}} | {{bug|698808}} | ||
}} | }} | ||
{{SecReview}} | {{SecReview | ||
|SecReview feature goal=* extension to Bugzilla for BrowserID logins | |||
** this is an alternative, can still use the old ways | |||
** will only work if you have no more than basic permissions | |||
*** "editbugs" and/or "canconfirm", plus "everyone" (obviously) | |||
*** answer: http://bzr.mozilla.org/bugzilla/extensions/browserid/trunk/annotate/head:/lib/Login.pm#L92 | |||
|SecReview alt solutions=* the current way to login | |||
|SecReview solution chosen=* want to extend the use of BrowserID | |||
* easier to login with BrowserID | |||
|SecReview threats considered=* higher rights users can not use this | |||
* easy to disable if we find a problem | |||
* same as the set of threats to BrowserID/Persona | |||
}} | |||
{{SecReviewActionStatus | {{SecReviewActionStatus | ||
|SecReview action item status= | |SecReview action item status=In Progress | ||
|SecReview action items=<table border="1"> | |||
<tr> | |||
<td>Who</td> | |||
<td>Action</td> | |||
<td>By When</td> | |||
<td>Completed date | |||
{{new|new}} | |||
{{done|Done}} | |||
{{miss|Miss}} | |||
</td> | |||
</tr> | |||
<tr> | |||
<td>Gerv</td> | |||
<td>Update code to check for absence of "nobrowserid" group </td> | |||
<td> </td> | |||
<td>{{new|new}} </td> | |||
</tr> | |||
<tr> | |||
<td>Gerv</td> | |||
<td>File bug on full verifier support (non blocker) </td> | |||
<td> </td> | |||
<td>{{new|new}} </td> | |||
</tr> | |||
<tr> | |||
<td>Gerv</td> | |||
<td>At appropriate moment, rename any UI elements to new branding </td> | |||
<td> </td> | |||
<td>{{new|new}} </td> | |||
</tr> | |||
<tr> | |||
<td>Gerv</td> | |||
<td>Create nobrowserid group and put relevant groups in it - all security, HR, legal </td> | |||
<td> </td> | |||
<td>{{new|new}} </td> | |||
</tr> | |||
</table> | |||
}} | }} | ||