B2G App Security Model/Threat Model: Difference between revisions

Line 43: Line 43:
** Prevent loading of remote scripts for critical apps
** Prevent loading of remote scripts for critical apps
** Prevent loading of remote content altogether
** Prevent loading of remote content altogether
* A combination of Digital Signing (people-based, GPG/PGP) and MD5+SHA1 checksums.
* Code Signing for static applications
** On receipt of a complete transfer of data, the digital signature and checksums are verified.
** Although network traffic can still be compromised, it merely inconveniences the user rather than results in a compromised device
** The initial GPG public keys, required for verification, '''must''' initially be transferred (factory-installed) in an offline manner or on a known-secure network.


=== Vulnerable Web App===
=== Vulnerable Web App===
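Review bot: The bullet naming "MD5+SHA1 checksums" relies on two hash functions with known collision weaknesses, and the sub-bullet "the digital signature and checksums are verified" does not say what happens when verification fails. If the checksum wording is part of the text being kept, I would name a current hash such as SHA-256, or drop the separate checksums since the signature already covers integrity, and state that a failed check causes the download to be discarded before anything is parsed or run. The sub-bullets still refer to "GPG public keys" and checksums, so if the parent bullet reads "Code Signing for static applications" they need rewording to match, and the key bullet should also say how keys are rotated or revoked after the factory install.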